
13423 matches found

OSV
added 2024/03/06 11:2 a.m. | 38 views

BIT-POSTGRESQL-JDBC-DRIVER-2022-21724 Unchecked Class Instantiation when providing Plugin Classes

pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the JDBC driver for the PostgreSQL database while doing security research. A system using the PostgreSQL library will be attacked when an attacker controls the JDBC URL or properties. pgjdbc instantiates plugin instances based o...

CVSS 9.8 | AI score 8.4 | EPSS 0.0301
Exploits: 1 | References: 7

OSV
added 2024/03/06 11:2 a.m. | 34 views

BIT-POSTGRESQL-2023-5870 Postgresql: role pg_signal_backend can signal certain superuser processes.

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...

CVSS 4.4 | AI score 6.2 | EPSS 0.02555
Exploits: 0 | References: 28

OSV
added 2024/03/06 11:2 a.m. | 50 views

BIT-POSTGRESQL-2024-0985 PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...

CVSS 8 | AI score 8.6 | EPSS 0.01465
Exploits: 0 | References: 5

OSV
added 2024/03/06 11:2 a.m. | 35 views

BIT-POSTGRESQL-JDBC-DRIVER-2022-31197 SQL Injection in ResultSet.refreshRow() with malicious column names in pgjdbc

PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database-independent Java code. The PgJDBC implementation of the java.sql.ResultRow.refreshRow method is not performing escaping of column names so a malicious column name that contain...

CVSS 8 | AI score 7.7 | EPSS 0.01662
Exploits: 1 | References: 7

OSV
added 2024/03/06 11:2 a.m. | 15 views

BIT-POSTGRESQL-2024-24213

Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pgmeta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically,...

CVSS 9.8 | AI score 9.8 | EPSS 0.00786
Exploits: 0 | References: 5

OSV
added 2024/03/06 11:2 a.m. | 31 views

BIT-POSTGRESQL-JDBC-DRIVER-2022-41946 TemporaryFolder on unix-like systems does not limit access to created files in pgjdbc

pgjdbc is an open source PostgreSQL JDBC driver. In affected versions a prepared statement using either PreparedStatement.setText(int, InputStream) or PreparedStatement.setBytea(int, InputStream) will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which...

CVSS 5.5 | AI score 5.3 | EPSS 0.0048
Exploits: 1 | References: 7

Tenable Nessus
added 2024/03/06 12:0 a.m. | 30 views

Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2024-008)

The version of postgresql installed on the remote host is prior to 14.1-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2024-008 advisory. A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL...

CVSS 5.9 | AI score 7 | EPSS 0.01501
Exploits: 0 | References: 4

Tenable Nessus
added 2024/03/06 12:0 a.m. | 21 views

Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2024-006)

The version of postgresql installed on the remote host is prior to 14.11-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2024-006 advisory. Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute...

CVSS 8 | AI score 7.9 | EPSS 0.01465
Exploits: 0 | References: 4

Tenable Nessus
added 2024/03/06 12:0 a.m. | 18 views

RHEL 8 : postgresql:12 (RHSA-2024:1195)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1195 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW...

CVSS 8 | AI score 7.8 | EPSS 0.01465
Exploits: 0 | References: 4

CNNVD
added 2024/03/06 12:0 a.m. | 3 views

pgx security vulnerability

pgx is the PostgreSQL driver and toolkit for Go. A security vulnerability exists in pgx versions prior to 4.18.2 that stems from the presence of SQL injection...

CVSS 8.1 | AI score 9.1 | EPSS 0.00854
Exploits: 0 | References: 5

Amazon
added 2024/03/06 12:0 a.m. | 3 views

Medium: postgresql

Issue Overview: A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption (CVE-2021-23222). Affected Packages: postgresql. Note: This advisory is applicable to Amazon Linux 2 - Postgresql14 Extra. Visit...

CVSS 5.9 | AI score 7 | EPSS 0.01501
Exploits: 0

Amazon
added 2024/03/06 12:0 a.m. | 4 views

Medium: libpq

Issue Overview: A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption (CVE-2021-23222). Affected Packages: libpq. Note: This advisory is applicable to Amazon Linux 2 - Postgresql14 Extra. Visit this...

CVSS 5.9 | AI score 7 | EPSS 0.01501
Exploits: 0

CNNVD
added 2024/03/06 12:0 a.m. | 5 views

pgx security vulnerability

pgx is a PostgreSQL driver and toolkit for Go. A security vulnerability exists in pgx that stems from SQL injection via protocol message size overflow...

CVSS 9.8 | AI score 9.3 | EPSS 0.01109
Exploits: 1 | References: 8

Amazon
added 2024/03/06 12:0 a.m. | 3 views

Important: libpq

Issue Overview: Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted...

CVSS 8 | AI score 8 | EPSS 0.01465
Exploits: 0

Amazon
added 2024/03/06 12:0 a.m. | 2 views

Important: postgresql

Issue Overview: Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted...

CVSS 8 | AI score 8 | EPSS 0.01465
Exploits: 0

Amazon
added 2024/03/06 12:0 a.m. | 4 views

Important: postgresql

Issue Overview: Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted...

CVSS 8 | AI score 8 | EPSS 0.01465
Exploits: 0

Amazon
added 2024/03/06 12:0 a.m. | 6 views

Important: libpq

Issue Overview: Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted...

CVSS 8 | AI score 8 | EPSS 0.01465
Exploits: 0

Amazon
added 2024/03/06 12:0 a.m. | 3 views

Important: postgresql

Issue Overview: Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted...

CVSS 8 | AI score 8 | EPSS 0.01465
Exploits: 0

OpenVAS
added 2024/03/06 12:0 a.m. | 20 views

SUSE: Security Advisory (SUSE-SU-2024:0769-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 10 | AI score 9 | EPSS 0.0481
Exploits: 0 | References: 4

OpenVAS
added 2024/03/06 12:0 a.m. | 23 views

SUSE: Security Advisory (SUSE-SU-2024:0773-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 10 | AI score 9 | EPSS 0.0481
Exploits: 0 | References: 4