pgJDBC authorization issue vulnerability
pgJDBC is the open source PostgreSQL JDBC driver. An authorization issue vulnerability exists in pgJDBC versions 42.7.4 through 42.7.7, which stems from a channel binding misconfiguration that could lead to a man-in-the-middle attack...
CVE-2025-46337 SQL injection in ADOdb PostgreSQL driver pg_insert_id() method
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and...
SQL injection in ADOdb PostgreSQL driver pg_insert_id() method
Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario. Impact PostgreSQL...
Deserialization Of Untrusted Data
H2O-3 is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe deserialization due to user-controlled JDBC URLs being passed to DriverManager.getConnection, which can trigger deserialization of untrusted data when MySQL or PostgreSQL drivers are available in the...
CVE-2024-10553
A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are...
Linux Distros Unpatched Vulnerability : CVE-2024-27289
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default...
Linux Distros Unpatched Vulnerability : CVE-2024-27304
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An intege...
PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE
pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. Note, this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a...
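The condition described in this entry, and the matching one for pgx (CVE-2024-27289) above, is easiest to see by modelling what a driver in simple query mode has to do: the server receives one text string, so parameter values are interpolated client-side. The following is an added example, not pgjdbc or pgx code; the escaping rules (strings wrapped in single quotes with embedded quotes doubled, numbers rendered with str(), nothing else touched), the application query, the parameter values and the parenthesised-negative mitigation are all assumptions made for illustration.

```python
# Added example: a model of client-side parameter interpolation in simple
# query mode. Not pgjdbc or pgx code; escaping rules are a simplified
# assumption. Shows why a numeric placeholder immediately preceded by a
# minus, followed by a string placeholder on the same line, is injectable.

def quote_literal(value, paren_negative=False):
    """Render one parameter as SQL literal text (assumed, simplified rules)."""
    if isinstance(value, bool):
        return "TRUE" if value else "FALSE"
    if isinstance(value, (int, float)):
        text = str(value)
        # Mitigation modelled here (an assumption, not the drivers' exact
        # fix): stop a negative number from forming "--" with a preceding
        # minus in the query text.
        if paren_negative and text.startswith("-"):
            return "(" + text + ")"
        return text
    if isinstance(value, str):
        return "'" + value.replace("'", "''") + "'"
    raise TypeError(f"unsupported parameter type: {type(value).__name__}")


def render_simple_mode(sql, params, paren_negative=False):
    """Substitute each ? placeholder textually, left to right."""
    parts, idx = [], 0
    for ch in sql:
        if ch == "?":
            if idx >= len(params):
                raise ValueError("not enough parameters")
            parts.append(quote_literal(params[idx], paren_negative))
            idx += 1
        else:
            parts.append(ch)
    if idx != len(params):
        raise ValueError("too many parameters")
    return "".join(parts)


def server_side_statements(query):
    """Split text the way the server's lexer sees it: '--' comments run to
    end of line, single-quoted strings (with '' escapes) are opaque, ';'
    separates statements. Whitespace outside strings is collapsed."""
    stmts, cur, i, n = [], [], 0, len(query)
    in_string = False
    while i < n:
        c = query[i]
        if in_string:
            cur.append(c)
            if c == "'":
                if i + 1 < n and query[i + 1] == "'":
                    cur.append("'")
                    i += 2
                    continue
                in_string = False
            i += 1
        elif query.startswith("--", i):
            nl = query.find("\n", i)
            i = n if nl == -1 else nl   # the newline is handled as whitespace
        elif c == "'":
            in_string = True
            cur.append(c)
            i += 1
        elif c == ";":
            text = "".join(cur).strip()
            if text:
                stmts.append(text)
            cur = []
            i += 1
        else:
            if c.isspace():
                if cur and cur[-1] != " ":
                    cur.append(" ")
            else:
                cur.append(c)
            i += 1
    text = "".join(cur).strip()
    if text:
        stmts.append(text)
    return stmts


# Hypothetical application query: numeric placeholder preceded by a minus,
# then a string placeholder on the same line, both filled from user input.
VULNERABLE_SQL = "SELECT id FROM items WHERE price > -? AND name = ?"

# Constructed inputs. A negative number turns "-?" into "--", a line comment;
# the newline inside the string then ends the comment, so the rest of the
# "string" lands in SQL position and the driver's quote doubling never helps.
BENIGN_PARAMS = [5, "widget"]
ATTACK_PARAMS = [-1, "\n0; DROP TABLE items; --"]


def statements_for(params, paren_negative=False):
    """What the server would execute for the given parameters."""
    return server_side_statements(
        render_simple_mode(VULNERABLE_SQL, params, paren_negative))


if __name__ == "__main__":
    for label, params in (("benign", BENIGN_PARAMS), ("attack", ATTACK_PARAMS)):
        print(label, statements_for(params))
    print("mitigated", statements_for(ATTACK_PARAMS, paren_negative=True))
```

With the attack parameters the server receives two statements, the second being the attacker's DROP TABLE, even though the string was quoted and escaped. In the extended protocol (the default for both drivers) the values travel out of band in the Bind message and never touch the query text, which is why the advisories stress that the default mode is not affected.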
Security Bulletin: IBM Instana Observability is vulnerable to SQL injection due to PostgreSQL driver and toolkit for Go, known as pgx.
Summary: pgx, the PostgreSQL driver and toolkit for Go, is used by IBM Instana Observability when third-party datastore Operators are used as part of the postgres operator (CVE-2024-27304). This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID: CVE-2024-2730...
pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE
A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value...
CBL Mariner 2.0 Security Update: telegraf (CVE-2024-27289)
The version of telegraf installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27289 advisory. - pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all o...
OPENSUSE-SU-2024:12606-1 postgresql-jdbc-42.2.25-4.1 on GA media
These are all security issues fixed in the postgresql-jdbc-42.2.25-4.1 package on the GA media of openSUSE Tumbleweed...
CLSA-2024-1714462946 Fix CVE(s): CVE-2024-1013
SECURITY UPDATE: PostgreSQL driver: Fix incompatible pointer-to-integer types - debian/patches/CVE-2024-1013.patch: Fix out-of-bounds stack write by adjusting byte size in callee function - CVE-2024-1013...