558 matches found

Tenable Nessus
added 2025/03/22 12:0 a.m. | 12 views

RHEL 8 : postgresql:12 (RHSA-2025:3062)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3062 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL quoting APIs miss neutralizing...

CVSS 8.1 | AI score 8 | EPSS 0.89472
Exploits: 10 | References: 4

NVD
added 2025/03/20 10:15 a.m. | 16 views

CVE-2024-12909

A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for SQL injection in the run_sql_query function of the database_agent. This vulnerability can be exploited by an attacker to inject arbitrary SQL queries, leading to remote code executi...

CVSS 10 | EPSS 0.01311
Exploits: 1 | References: 2

GithubExploit
added 2025/03/14 8:21 p.m. | 683 views

Exploit for CVE-2025-1094

Analysis of CVE-2025-1094 and Emulation Setup This detailed e...

CVSS 8.1 | AI score 9.1 | EPSS 0.89472
Exploits: 10

Redos
added 2025/03/11 12:0 a.m. | 12 views

ROS-20250311-02

The PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn functions of the libpq library of the PostgreSQL database management system are affected by a vulnerability related to failure to take measures to protect SQL query structure. Exploitation of the vulnerability could allow an...

CVSS 8.1 | AI score 8.4 | EPSS 0.89472
Exploits: 10

Redos
added 2025/03/11 12:0 a.m. | 8 views

ROS-20250311-08

The PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn functions of the libpq library of the PostgreSQL database management system are affected by a vulnerability related to failure to take measures to protect SQL query structure. Exploitation of the vulnerability could allow an...

CVSS 8.1 | AI score 8.4 | EPSS 0.89472
Exploits: 10

IBM Security Bulletins
added 2025/03/10 8:12 p.m. | 7 views

Security Bulletin: InfoSphere Data Replication is affected by postgresql vulnerability

Summary: InfoSphere Data Replication uses postgresql. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver (PgJDBC) is vulnerable to SQL injection. A remote attacker could send specially crafted SQL...

CVSS 10 | AI score 7.5 | EPSS 0.0481
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2025/03/06 12:0 a.m. | 9 views

Amazon Linux 2 : postgresql (ALASPOSTGRESQL13-2025-009)

The version of postgresql installed on the remote host is prior to 13.20-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL13-2025-009 advisory. Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier,...

CVSS 8.1 | AI score 8.2 | EPSS 0.89472
Exploits: 10 | References: 4

Amazon
added 2025/03/06 12:0 a.m. | 7 views

Important: libpq

Issue Overview: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the...

CVSS 8.1 | AI score 8.1 | EPSS 0.89472
Exploits: 10

Tenable Nessus
added 2025/03/06 12:0 a.m. | 11 views

Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2025-016)

The version of postgresql installed on the remote host is prior to 14.17-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2025-016 advisory. Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier,...

CVSS 8.1 | AI score 8.2 | EPSS 0.89472
Exploits: 10 | References: 4

GithubExploit
added 2025/03/05 4:20 a.m. | 708 views

Exploit for CVE-2025-1094

CVE-2025-1094 - This is only a document for learning purposes...

CVSS 8.1 | AI score 9 | EPSS 0.89472
Exploits: 10

Tenable Nessus
added 2025/03/04 12:0 a.m. | 13 views

Linux Distros Unpatched Vulnerability : CVE-2017-15097

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these...

CVSS 7.2 | AI score 6.7 | EPSS 0.00541
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2015-3166

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly...

CVSS 9.8 | AI score 7.3 | EPSS 0.04611
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2015-3165

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote...

CVSS 4.3 | AI score 7.4 | EPSS 0.08496
Exploits: 0 | References: 2

F5 Networks
added 2025/03/03 9:38 p.m. | 23 views

K000150204: PostgreSQL vulnerability CVE-2015-3166

Security Advisory Description The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified...

CVSS 9.8 | AI score 9.4 | EPSS 0.04611
Exploits: 0 | Affected Software: 12

Ubuntu
added 2025/03/03 12:56 p.m. | 86 views

USN-7315-1: PostgreSQL vulnerability

Stephen Fewer discovered that PostgreSQL incorrectly handled quoting syntax in certain scenarios. A remote attacker could possibly use this issue to perform SQL injection attacks...

CVSS 8.1 | AI score 8 | EPSS 0.89472
Exploits: 10

Tenable Nessus
added 2025/03/03 12:0 a.m. | 12 views

F5 Networks BIG-IP : PostgreSQL vulnerability (K000150204)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000150204 advisory. The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4...

CVSS 9.8 | AI score 8.2 | EPSS 0.04611
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/03 12:0 a.m. | 15 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : PostgreSQL vulnerability (USN-7315-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7315-1 advisory. Stephen Fewer discovered that PostgreSQL incorrectly handled quoting syntax in certain scenarios. A remote attacker could possibly...

CVSS 8.1 | AI score 8.3 | EPSS 0.89472
Exploits: 10 | References: 2

Rosalinux
added 2025/03/01 9:32 p.m. | 4 views

Advisory ROSA-SA-2025-2742

Software: postgresql 13.16 OS: ROSA Virtualization 3.0 packageevrstring: postgresql-13.16-1.rv30 CVE-ID: CVE-2024-7348 BDU-ID: 2024-06153 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to null pointer dereferencing due to...

CVSS 8.8 | AI score 9.1 | EPSS 0.01565
Exploits: 0

IBM Security Bulletins
added 2025/02/27 2:45 p.m. | 7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in PostgreSQL [CVE-2024-4317]

Summary: IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure, caused by missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs (CVE-2024-4317). PostgreSQL is used by our Speech Utilities. This vulnerability has been addressed. Please rea...

CVSS 4.3 | AI score 6.2 | EPSS 0.00722
Exploits: 0 | Affected Software: 1

GithubExploit
added 2025/02/27 11:8 a.m. | 634 views

Exploit for CVE-2025-1094

CVE-2025-1094: SQL Injection to RCE via WebSocket 🚀 This repo...

CVSS 8.1 | AI score 8.9 | EPSS 0.89472
Exploits: 10