Lucene search
K

13424 matches found

RedHat Linux
RedHat Linux
added 2024/03/04 7:44 p.m.4 views

postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL

A flaw was found in PostgreSQL. A late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL can allow an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling a safe refre...

8CVSS7.5AI score0.01465EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/03/04 7:44 p.m.27 views

Important: Red Hat Security Advisory: postgresql:12 security update

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

8CVSS7.3AI score0.01465EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/03/04 7:43 p.m.2 views

postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL

A flaw was found in PostgreSQL. A late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL can allow an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling a safe refre...

8CVSS7.5AI score0.01465EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/03/04 7:43 p.m.22 views

Important: Red Hat Security Advisory: postgresql:12 security update

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

8CVSS7.3AI score0.01465EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/03/04 7:30 p.m.1 views

postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL

A flaw was found in PostgreSQL. A late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL can allow an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling a safe refre...

8CVSS7.5AI score0.01465EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/03/04 7:30 p.m.19 views

Important: Red Hat Security Advisory: postgresql:12 security update

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as...

8CVSS7.3AI score0.01465EPSS
Exploits0References2
Kitploit
Kitploit
added 2024/03/04 11:30 a.m.50 views

BloodHound - Six Degrees Of Domain Admin

BloodHound is a monolithic web application composed of an embedded React frontend with Sigma.js and a Go based REST API backend. It is deployed with a Postgresql application database and a Neo4j graph database, and is fed by the SharpHound and AzureHound data collectors. BloodHound uses graph...

7.4AI score
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/03/04 12:0 a.m.2 views

PT-2024-2157

Name of the Vulnerable Software and Affected Versions pgx versions prior to 4.18.2 Description The issue is related to SQL injection in the pgx PostgreSQL driver and toolkit for Go. It occurs when the non-default simple protocol is used, a placeholder for a numeric value is immediately preceded b...

8.7CVSS8.8AI score0.00854EPSS
Exploits0References23
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.23 views

openSUSE: Security Advisory for postgresql (SUSE-SU-2023:0103-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.8AI score0.0048EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.21 views

openSUSE: Security Advisory for postgresql, postgresql15, postgresql16 (SUSE-SU-2023:4495-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.5AI score0.04322EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.23 views

openSUSE: Security Advisory for libqt5 (SUSE-SU-2023:4951-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.01324EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2024/03/01 8:8 p.m.27 views

ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection

Impact This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. Patches The algorithm to detect SQL injection has been improved. Workarounds None. References - https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2 -...

10CVSS8.1AI score0.0103EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2024/03/01 8:8 p.m.18 views

GHSA-6927-3VR9-FXF2 ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection

Impact This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. Patches The algorithm to detect SQL injection has been improved. Workarounds None. References - https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2 -...

10CVSS9.7AI score0.0103EPSS
Exploits0References7
NVD
NVD
added 2024/03/01 6:15 p.m.22 views

CVE-2024-27298

parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20...

10CVSS9.8AI score0.0103EPSS
Exploits0References5
Prion
Prion
added 2024/03/01 6:15 p.m.14 views

Sql injection

parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20...

6.4CVSS8.4AI score0.0103EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/03/01 5:48 p.m.25 views

CVE-2024-27298 Parse Server literalizeRegexPart SQL Injection

parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20...

10CVSS10AI score0.0103EPSS
Exploits0References5
CVE
CVE
added 2024/03/01 5:48 p.m.100 views

CVE-2024-27298

CVE-2024-27298 affects parse-server (Parse Server for Node.js/Express) when configured with PostgreSQL. The underlying issue is a SQL injection in the server’s PostgreSQL handling. The vulnerability has been fixed in versions 6.5.0 and 7.0.0-alpha.20. Affected products/versions per sources includ...

10CVSS9.8AI score0.0103EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/03/01 5:48 p.m.25 views

CVE-2024-27298 Parse Server literalizeRegexPart SQL Injection

parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20...

10CVSS8.8AI score0.0103EPSS
Exploits0References7
Ivanti
Ivanti
added 2024/03/01 9:41 a.m.10 views

[CVE-2024-1597] PostgreSQL - Mobileiron line products (Ivanti EPMM Reporting DB, Ivanti N-MDM/Cloud)

Last Modified Date Mar 8, 2024 9:01:56 PM...

10CVSS7.1AI score0.0481EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2024/03/01 3:47 a.m.2 views

SUSE CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

9.8CVSS8.6AI score0.0481EPSS
Exploits0References6
Rows per page
Query Builder