63 matches found
pg_ivm 代码问题漏洞
pgivm is a library in the SRA OSS open source . IVM Incremental View Maintenance implementation as a PostgreSQL extension. A security vulnerability exists in pgivm versions prior to 1.5.1, which stems from the presence of an uncontrolled search path element vulnerability that can be exploited by ...
Multiple vulnerabilities in PostgreSQL extension module pg_ivm
Overview pgivm provided by IVM Development Group is a PostgreSQL extension module that provides incremental view maintenance functionality of materialized views. pgivm contains multiple vulnerabilities listed below. Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2023-228...
SUSE CVE-2015-1352
The buildtablename function in pgsql.c in the PostgreSQL aka pgsql extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted name...
SUSE CVE-2015-4644
The phppgsqlmetadata function in pgsql.c in the PostgreSQL aka pgsql extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service NULL pointer dereference and...
Apache AGE SQL注入漏洞
Apache AGE is a PostgreSQL extension from the Apache Foundation that provides graphical database functionality. An SQL injection vulnerability exists in the Apache AGE driver, which stems from an inability to parameterize passed values, leading to SQL injection...
postgresql: Extension scripts replace objects not belonging to the extension.
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...
php: Uninitialized array in pg_query_params() leading to RCE
A vulnerability was found in PHP due to an uninitialized array in pgqueryparams function. When using the Postgres database extension, supplying invalid parameters to the parameterized query may lead to PHP attempting to free memory, using uninitialized data as pointers. This flaw allows a remote...
DEBIAN-CVE-2022-31625
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...
CVE-2022-31625
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...
postgresql: Uncontrolled search path element in CREATE EXTENSION
A flaw was found in PostgreSQL, where some PostgreSQL extensions did not use the searchpath safely in their installation script. This flaw allows an attacker with sufficient privileges to trick an administrator into executing a specially crafted script during the extension's installation or updat...
The vulnerability of the PHP interpreter, which allows a hacker to trigger a service failure
The vulnerability of the phppgsqlmetadata function pgsql.c in the PostgreSQL interpreter for PHP is related to errors during the checking of table names. Exploiting this vulnerability allows a malicious actor to cause service failure such as deallocation of memory or termination of the applicatio...
Null pointer dereference
The phppgsqlmetadata function in pgsql.c in the PostgreSQL aka pgsql extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service NULL pointer dereference and...
CVE-2015-4644
CVE-2015-4644 affects the PHP pgsql extension: the php_pgsql_meta_data function in pgsql.c does not validate token extraction for table names. This can allow remote attackers to trigger a denial of service (NULL pointer dereference and application crash). Affected PHP versions are the PostgreSQL ...
php: NULL pointer dereference in php_pgsql_meta_data()
The phppgsqlmetadata function in pgsql.c in the PostgreSQL aka pgsql extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service NULL pointer dereference and...
php: NULL pointer dereference in php_pgsql_meta_data()
The phppgsqlmetadata function in pgsql.c in the PostgreSQL aka pgsql extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service NULL pointer dereference and...
php: NULL pointer dereference in pgsql extension
A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to a function such as pginsert or pgselect could cause a PHP application to crash...
PHP PostgreSQL Extension Denial of Service Vulnerability
PHP is a popular programming language. The buildtablename function in pgsql.c in the PHP PostgreSQL extension fails to properly verify table name tokens, allowing remote attackers to exploit the vulnerability to conduct denial of service attacks via specially crafted table names...
Null pointer dereference
The buildtablename function in pgsql.c in the PostgreSQL aka pgsql extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted name...
EUVD-2015-1491
The buildtablename function in pgsql.c in the PostgreSQL aka pgsql extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted name...
MGASA-2015-0090 Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: It was discovered that the PHP opcache component incorrectly handled memory. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2015-1351. It was...