what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

CVE-2022-41946

Status Candidate

Overview

pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability.

Related Files

Red Hat Security Advisory 2023-3954-01
Posted Jun 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3954-01 - This release of Red Hat Fuse 7.12 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include bypass, code execution, denial of service, information leakage, resource exhaustion, server-side request forgery, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2012-5783, CVE-2020-13956, CVE-2022-24785, CVE-2022-31692, CVE-2022-36437, CVE-2022-38398, CVE-2022-38648, CVE-2022-40146, CVE-2022-41704, CVE-2022-41854, CVE-2022-41881, CVE-2022-41940, CVE-2022-41946, CVE-2022-41966
SHA-256 | b9ad17c0639a99e73879d0ac2298fc210c934f52c497fb63d77d3a07270b9229
Red Hat Security Advisory 2023-3906-01
Posted Jun 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3906-01 - A security update for Camel K 1.10.1 is now available. Issues addressed include XML injection, information leakage, resource exhaustion, and traversal vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2022-39368, CVE-2022-41946, CVE-2022-4244, CVE-2022-4245, CVE-2022-46363, CVE-2023-1370
SHA-256 | 7ec1249380111c4f2a6deacfb1495e2b529089277761a2f81b16c3843a66159c
Red Hat Security Advisory 2023-2867-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2867-01 - PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Issues addressed include an information leakage vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2022-41946
SHA-256 | 66ff1eb7b433ae2b436f4b465d0883283cfb57b801d546cf7ad83b07feda0618
Red Hat Security Advisory 2023-2378-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2378-01 - PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Issues addressed include an information leakage vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2022-41946
SHA-256 | 88d3fade0f954547988f8fa9d28ea778a74ed8e5b57bd349b5649a2125535bcf
Red Hat Security Advisory 2023-1815-01
Posted Apr 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1815-01 - Debezium is a distributed platform that turns your existing databases into event streams, so applications can see and respond immediately to each row-level change in the databases. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-41946
SHA-256 | 2eff8844a7d75ec8ab0b319a1d489a5238ea00dcd5e05f7637dfd0a486367298
Red Hat Security Advisory 2023-1630-01
Posted Apr 5, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1630-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-41946
SHA-256 | 3d34361ae29c5d00584362f3f104aa94f547b5ead6b1ee8d7675507db00cfe17
Red Hat Security Advisory 2023-1177-01
Posted Mar 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1177-01 - A security update for Red Hat Integration Camel Extensions for Quarkus 2.7-1 is now available. Issues addressed include denial of service and information leakage vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2022-41946, CVE-2022-41966
SHA-256 | 4c80cff8cf613a3a61facddaec30fcd1c9360c4674580dff1941f635132c80d8
Red Hat Security Advisory 2023-1006-01
Posted Mar 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1006-01 - This release of Red Hat build of Quarkus 2.7.7 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include code execution, denial of service, deserialization, information leakage, memory leak, and remote SQL injection vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, code execution, sql injection, memory leak
systems | linux, redhat
advisories | CVE-2022-1471, CVE-2022-31197, CVE-2022-3171, CVE-2022-41946, CVE-2022-41966, CVE-2022-42003, CVE-2022-42004, CVE-2022-42889, CVE-2023-0044
SHA-256 | 22e7b3eb2e44fe047c265d427baa95d5cd894dbe2e83f35b2ba2c51d7269e2f5
Red Hat Security Advisory 2023-0888-01
Posted Feb 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0888-01 - A security update for 2.13.2-1 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-41881, CVE-2022-41946
SHA-256 | d4de88d15e138f91bd87cf8e8825d14fabd472872f1b7b84374be9f237454a82
Red Hat Security Advisory 2023-0758-01
Posted Feb 15, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0758-01 - This release of Red Hat build of Quarkus 2.13.7 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include code execution, denial of service, deserialization, and information leakage vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-1471, CVE-2022-41881, CVE-2022-41946, CVE-2022-45047, CVE-2023-0044
SHA-256 | 8b9c35c270302dba0c57430b447b9409f09807e208b11e539efb27db51a88a2a
Red Hat Security Advisory 2023-0759-01
Posted Feb 15, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0759-01 - PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2022-41946
SHA-256 | 3a013aeebb819c40241eb21209dadcee7a0a0e72fc7a6f0edd34cc1a1875f4a7
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close