13409 matches found
RHEL 5 : postgresql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - postgresql: Improper randomization of pgcrypto functions requiring random seed CVE-2013-1900 - postgresql...
RHEL 7 : postgresql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - postgresql: psql's \gset allows overwriting specially treated variables CVE-2020-25696 - postgresql:...
RHEL 6 : jdbc-postgresql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes CVE-2022-21724 Note that Nessus has no...
RHEL 8 : postgresql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - PostgreSQL: Postgres JDBC driver does not perform host name validation by default CVE-2018-10936 -...
RHEL 6 : postgresql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - postgresql: psql's \gset allows overwriting specially treated variables CVE-2020-25696 - postgresql: Buff...
RHEL 6 : postgresql-jdbc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - postgresql-jdbc: Arbitrary File Write Vulnerability CVE-2022-26520 - pgjdbc is an open source postgresql...
RHEL 7 : postgresql-jdbc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - postgresql-jdbc: Arbitrary File Write Vulnerability CVE-2022-26520 - pgjdbc is an open source postgresql...
postgresql-jdbc security update
An update is available for postgresql-jdbc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced object-relational database management syste...
RLSA-2024:1436 Important: postgresql-jdbc security update
PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE CVE-2024-1597...
RLSA-2024:0951 Important: postgresql security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL CVE-2024-0985 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...
postgresql security update
An update is available for postgresql. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced object-relational database management system DBM...
SQL Injection
Npgsql is vulnerable to SQL injection. The vulnerability is caused by an integer overflow in the WriteBind method within NpgsqlConnector.FrontendMessages.cs, which leads to miscalculated message lengths when constructing PostgreSQL protocol messages. This allows attackers to manipulate message...
CVE-2024-4317
A flaw was found in PostgreSQL. Missing authorization in the built-in views pgstatsext and pgstatsextexprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the...
FreeBSD : PostgreSQL server -- Potentially allowing authenicated database users to see data that they shouldn't. (d53c30c1-0d7b-11ef-ba02-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d53c30c1-0d7b-11ef-ba02-6cc21735f730 advisory. - Restrict visibility of pgstatsext and pgstatsextexprs entries to the table ownermore details...
[SECURITY] [DLA 3812-1] libpgjava security update
Debian LTS Advisory DLA-3812-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany May 09, 2024 https://wiki.debian.org/LTS Package : libpgjava Version : 42.2.5-2+deb10u4 CVE ID : CVE-2024-1597 A possible SQL injection vulnerability was found in libpgjava, the...
SQL Injection
Overview Npgsql is a .NET data provider for PostgreSQL. Affected versions of this package are vulnerable to SQL Injection by overflowing the sum of the integer and parameter lengths in NpgsqlConnector.FrontendMessages.cs, allowing arbitrary SQL to be injected into a PostgreSQL protocol message if...
CVE-2024-32655 Npgsql Vulnerable to SQL Injection via Protocol Message Size Overflow
Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...
CVE-2024-32655 Npgsql Vulnerable to SQL Injection via Protocol Message Size Overflow
Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...
CVE-2024-32655 Npgsql Vulnerable to SQL Injection via Protocol Message Size Overflow
Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...
CVE-2024-32655
Removed by vendor...