CVE-2024-32655 Npgsql Vulnerable to SQL Injection via Protocol Message Size Overflow
Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...
CVE-2024-4317 PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks
Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwi...
CVE-2024-4317
The CVE-2024-4317 issue affects PostgreSQL built-ins pg_stats_ext and pg_stats_ext_exprs, where missing authorization checks allow an unprivileged user to read statistics (e.g., most common values) from other users’ CREATE STATISTICS data. Affected versions are within major series 14–16, specific...
Vulnerability in core server (CVE-2024-4317)
Restrict visibility of "pg_stats_ext" and "pg_stats_ext_exprs" entries to the table owner. Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other user...
PostgreSQL server -- Potentially allowing authenticated database users to see data that they shouldn't.
PostgreSQL project reports: A security vulnerability was found in the system views pg_stats_ext and pg_stats_ext_exprs, potentially allowing authenticated database users to see data they shouldn't. If this is of concern in your installation, run the SQL script...
KLA67224 Security vulnerability in PostgreSQL
Security vulnerability was found in PostgreSQL. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories PostgreSQL: CVE-2024-4317: Restrict visibility of “pg_stats_ext” and “pg_stats_ext_exprs” entries to the table owner Related products PostgreSQL CVE list...
CVE-2024-2860
The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database...
CVE-2024-2860
The CVE-2024-2860 entry concerns Brocade SANnav. The affected software is SANnav, with the vulnerable component being the PostgreSQL implementation prior to version 2.3.0a. The root cause is an incorrect local authentication flaw that lets an attacker who can access the VM running SANnav read dat...
Broadcom Brocade SANnav Access Control Error Vulnerability
Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom, Inc. A security vulnerability exists in versions prior to Broadcom Brocade SANnav 2.3.0a that stems from the vulnerability of the PostgreSQL implementation to an incorrect local authentication flaw that allows an attack...
PT-2024-3323
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 14.12 PostgreSQL versions prior to 15.7 PostgreSQL versions prior to 16.3 Description: The issue is related to errors in managing privileges in the PostgreSQL database system, specifically in the pg_stats_ext and ...
PT-2024-22492 · Brocade · Brocade Sannav
Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.0a Description: The PostgreSQL implementation in Brocade SANnav is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where Brocade SANnav is installed can gain access to...
CVE-2024-34532
A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module aka querydeluxe 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::getresultfromquery...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to security bypass due to PostgreSQL (CVE-2024-0985)
Summary IBM Connect:Direct Web Services uses PostgreSQL. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-0985 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to a denial of service due to PostgreSQL (CVE-2023-5870)
Summary IBM Connect:Direct Web Services uses PostgreSQL. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-5870 DESCRIPTION: PostgreSQL is vulnerable to a denial of service, caused by a flaw in the pg_signal_backend role. By sending a...