Lucene search
K

63 matches found

CNNVD
CNNVD
added 2023/03/07 12:0 a.m.5 views

pg_ivm 代码问题漏洞

pgivm is a library in the SRA OSS open source . IVM Incremental View Maintenance implementation as a PostgreSQL extension. A security vulnerability exists in pgivm versions prior to 1.5.1, which stems from the presence of an uncontrolled search path element vulnerability that can be exploited by ...

8.8CVSS6.7AI score0.00939EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/06 6:22 a.m.3 views

Multiple vulnerabilities in PostgreSQL extension module pg_ivm

Overview pgivm provided by IVM Development Group is a PostgreSQL extension module that provides incremental view maintenance functionality of materialized views. pgivm contains multiple vulnerabilities listed below. Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2023-228...

8.8CVSS7AI score0.00939EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 5:21 a.m.4 views

SUSE CVE-2015-1352

The buildtablename function in pgsql.c in the PostgreSQL aka pgsql extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted name...

5CVSS6.9AI score0.07758EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:17 a.m.4 views

SUSE CVE-2015-4644

The phppgsqlmetadata function in pgsql.c in the PostgreSQL aka pgsql extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service NULL pointer dereference and...

7.5CVSS7AI score0.06393EPSS
Exploits0References10
CNNVD
CNNVD
added 2023/02/04 12:0 a.m.24 views

Apache AGE SQL注入漏洞

Apache AGE is a PostgreSQL extension from the Apache Foundation that provides graphical database functionality. An SQL injection vulnerability exists in the Apache AGE driver, which stems from an inability to parameterize passed values, leading to SQL injection...

8.1CVSS7.9AI score0.00948EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/01/12 9:29 a.m.4 views

postgresql: Extension scripts replace objects not belonging to the extension.

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...

8CVSS6.9AI score0.0152EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/07/04 7:45 a.m.8 views

php: Uninitialized array in pg_query_params() leading to RCE

A vulnerability was found in PHP due to an uninitialized array in pgqueryparams function. When using the Postgres database extension, supplying invalid parameters to the parameterized query may lead to PHP attempting to free memory, using uninitialized data as pointers. This flaw allows a remote...

8.1CVSS7.8AI score0.03437EPSS
Exploits1References5
OSV
OSV
added 2022/06/16 6:15 a.m.1 views

DEBIAN-CVE-2022-31625

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...

8.1CVSS6.9AI score0.03437EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/06/06 7:0 a.m.8 views

CVE-2022-31625

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...

8.1CVSS8.7AI score0.03437EPSS
Exploits1References10Affected Software1
RedHat Linux
RedHat Linux
added 2020/10/21 1:8 p.m.6 views

postgresql: Uncontrolled search path element in CREATE EXTENSION

A flaw was found in PostgreSQL, where some PostgreSQL extensions did not use the searchpath safely in their installation script. This flaw allows an attacker with sufficient privileges to trick an administrator into executing a specially crafted script during the extension's installation or updat...

7.3CVSS7.1AI score0.00532EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2016/05/31 12:0 a.m.7 views

The vulnerability of the PHP interpreter, which allows a hacker to trigger a service failure

The vulnerability of the phppgsqlmetadata function pgsql.c in the PostgreSQL interpreter for PHP is related to errors during the checking of table names. Exploiting this vulnerability allows a malicious actor to cause service failure such as deallocation of memory or termination of the applicatio...

5CVSS7.4AI score0.06393EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2016/05/16 10:59 a.m.37 views

Null pointer dereference

The phppgsqlmetadata function in pgsql.c in the PostgreSQL aka pgsql extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service NULL pointer dereference and...

5CVSS7.1AI score0.07758EPSS
Exploits1References11Affected Software2
CVE
CVE
added 2016/05/16 10:0 a.m.265 views

CVE-2015-4644

CVE-2015-4644 affects the PHP pgsql extension: the php_pgsql_meta_data function in pgsql.c does not validate token extraction for table names. This can allow remote attackers to trigger a denial of service (NULL pointer dereference and application crash). Affected PHP versions are the PostgreSQL ...

7.5CVSS8.1AI score0.06393EPSS
Exploits0References11Affected Software1
RedHat Linux
RedHat Linux
added 2015/07/09 6:53 p.m.4 views

php: NULL pointer dereference in php_pgsql_meta_data()

The phppgsqlmetadata function in pgsql.c in the PostgreSQL aka pgsql extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service NULL pointer dereference and...

7.5CVSS6.8AI score0.06393EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/06/25 8:31 a.m.3 views

php: NULL pointer dereference in php_pgsql_meta_data()

The phppgsqlmetadata function in pgsql.c in the PostgreSQL aka pgsql extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service NULL pointer dereference and...

7.5CVSS6.8AI score0.06393EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/06/04 8:6 a.m.5 views

php: NULL pointer dereference in pgsql extension

A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to a function such as pginsert or pgselect could cause a PHP application to crash...

5CVSS6.6AI score0.07758EPSS
Exploits1References4
CNVD
CNVD
added 2015/03/31 12:0 a.m.5 views

PHP PostgreSQL Extension Denial of Service Vulnerability

PHP is a popular programming language. The buildtablename function in pgsql.c in the PHP PostgreSQL extension fails to properly verify table name tokens, allowing remote attackers to exploit the vulnerability to conduct denial of service attacks via specially crafted table names...

5CVSS6.9AI score0.07758EPSS
Exploits1References1
Prion
Prion
added 2015/03/30 10:59 a.m.32 views

Null pointer dereference

The buildtablename function in pgsql.c in the PostgreSQL aka pgsql extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted name...

5CVSS7.3AI score0.07758EPSS
Exploits1References12Affected Software2
EUVD
EUVD
added 2015/03/30 10:0 a.m.1 views

EUVD-2015-1491

The buildtablename function in pgsql.c in the PostgreSQL aka pgsql extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted name...

5CVSS6.9AI score0.07758EPSS
Exploits1References18
OSV
OSV
added 2015/03/03 9:16 p.m.19 views

MGASA-2015-0090 Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: It was discovered that the PHP opcache component incorrectly handled memory. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2015-1351. It was...

7.5CVSS8.7AI score0.43146EPSS
Exploits11References4
Rows per page
Query Builder