13313 matches found
CVE-2025-1735
CVE-2025-1735 affects PHP pgsql and pdo_pgsql escaping functions across PHP 8.1–8.4 that do not check errors from underlying quoting functions, potentially causing crashes if the Postgres server rejects input. Affected: PHP 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.*. Roo...
CVE-2025-1735
In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...
PHP Security Vulnerability
PHP is a scripting language that is executed server-side. A security vulnerability exists in PHP versions prior to 8.1.33, prior to 8.2.29, prior to 8.3.23, and prior to 8.4.10, which stems from a failure of the pgsql and pdo_pgsql escape functions to check if a referenced function is...
PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation
...
Endress+Hauser MEAC300-FNADE4 Information Disclosure Vulnerability
The Endress+Hauser MEAC300-FNADE4 is a cost-effective emissions data management computer from Endress+Hauser Vietnam. The Endress+Hauser MEAC300-FNADE4 suffers from an information disclosure vulnerability that originates from local PostgreSQL database credentials stored in plaintext. An attacker...
Azure Linux 3.0 Security Update: postgresql (CVE-2025-4207)
The version of postgresql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4207 advisory. - Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve...
CBL Mariner 2.0 Security Update: postgresql (CVE-2025-4207)
The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4207 advisory. - Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve...
CVE-2025-4207 affecting package postgresql for versions less than 16.9-1
CVE-2025-4207 affecting package postgresql for versions less than 16.9-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-4207 affecting package postgresql for versions less than 14.18-1
CVE-2025-4207 affecting package postgresql for versions less than 14.18-1. An upgraded version of the package is available that resolves this issue...
The vulnerability of the Dataease database management system, related to improper elimination of surrogate characters, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Dataease database management system is related to the improper elimination of surrogate characters when connecting to PostgreSQL and Redshift databases. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in postgresql 13.16-1.el9_4
Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of postgresql 13.16-1.el9_4. Vulnerability Details: CVEID: CVE-2023-39418. DESCRIPTION: A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in postgresql-42.5.1.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of postgresql-42.5.1.jar Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default...
Upgrading the PostgreSQL Database Engine Software Used by Veeam Backup for Microsoft 365
Support Scope This article is provided as a courtesy to give customers a high-level explanation of how to upgrade the underlying PostgreSQL database engine used to host the Veeam Backup for Microsoft 365 configuration database. Per the Veeam Customer Support Policy, section 10: Support for Veeam...
Multiple vulnerabilities detected in PostgreSQL
Multiple PostgreSQL vulnerability updates: CVE-2025-1094 - PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation; CVE-2024-10979 - PostgreSQL PL/Perl environment variable changes execute arbitrary code; CVE-2024-10978 - PostgreSQL SET ROLE, SET SESSION AUTHORIZATI...
postgresql-jdbc-42.7.7-1.1 on GA media (moderate)
postgresql-jdbc-42.7.7-1.1 on GA media Announcement ID: openSUSE-SU-2025:15264-1 Rating: moderate Cross-References: CVE-2025-49146 CVSS scores: CVE-2025-49146 SUSE : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVE-2025-49146 SUSE : 8.3...
CVE-2025-1708
The application is vulnerable to SQL injection attacks. An attacker is able to dump the PostgreSQL database and read its content...
CVE-2025-1709
Several credentials for the local PostgreSQL database are stored in plain text partially base64 encoded...