
13424 matches found

OSV
added 2024/02/20 4:9 p.m. | 3 views

SUSE-SU-2024:0551-1 Security update for postgresql15

This update for postgresql15 fixes the following issues: Upgrade to 15.6: - CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY bsc1219679...

CVSS 8 | AI score 7.8 | EPSS 0.01465
Exploits 0 | References 3

vulnersOsv
added 2024/02/20 3:31 p.m. | 5 views

org.apache.camel.kafkaconnector:camel-aws-redshift-sink-kafka-connector (>=4.0.0 <=4.0.3), org.apache.camel.kafkaconnector:camel-aws-redshift-source-kafka-connector (>=4.0.0 <=4.0.3) +17 more potentially affected by CVE-2024-22369 via org.apache.camel:camel-sql (>=4.0.0 <=4.0.3)

org.apache.camel:camel-sql MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =3.2.0, =3.4.0 - org.apache.camel.quar...

CVSS 7.8 | AI score 7.1 | EPSS 0.00747
Exploits 0

vulnersOsv
added 2024/02/20 3:31 p.m. | 7 views

org.apache.camel.kafkaconnector:camel-aws-redshift-sink-kafka-connector (>=1.0.0 <=3.21.0), org.apache.camel.kafkaconnector:camel-aws-redshift-source-kafka-connector (>=1.0.0 <=3.21.0) +29 more potentially affected by CVE-2024-22369 via org.apache.camel:camel-sql (>=3.0.0 <=3.21.3)

org.apache.camel:camel-sql MAVEN version =3.0.0, =1.0.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =3.18.1, =3.18.1, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =3.21.0...

CVSS 7.8 | AI score 7.1 | EPSS 0.00747
Exploits 0

Veracode
added 2024/02/20 7:34 a.m. | 255 views

Sql Injection

org.postgresql, postgresql is vulnerable to Sql Injection. The vulnerability is caused due to not escaping user provided literal parameter values in SQL query when using configuration option PreferQueryMode=SIMPLE. An attacker can exploit this vulnerability to inject SQL to alter the query by...

CVSS 10 | AI score 7.8 | EPSS 0.0481
Exploits 0 | References 10 | Affected Software 2

OpenVAS
added 2024/02/20 12:0 a.m. | 17 views

Mageia: Security Advisory (MGASA-2024-0043)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8 | AI score 8 | EPSS 0.01465
Exploits 0 | References 4

Mageia
added 2024/02/19 5:35 p.m. | 37 views

Updated postgresql15 and postgresql13 packages fix a security vulnerability

The updated packages fix a security vulnerability: PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL. CVE-2024-0985...

CVSS 8 | AI score 7.5 | EPSS 0.01465
Exploits 0 | References 2

OSV
added 2024/02/19 5:35 p.m. | 3 views

MGASA-2024-0043 Updated postgresql15 and postgresql13 packages fix a security vulnerability

The updated packages fix a security vulnerability: PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL. CVE-2024-0985...

CVSS 8 | AI score 7.8 | EPSS 0.01465
Exploits 0 | References 3

Github Security Blog
added 2024/02/19 3:30 p.m. | 15 views

Duplicate Advisory: SQL injection in pgjdbc

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-24rp-q3w6-vc56. This link is maintained to preserve external references. Original Description pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not t...

CVSS 10 | AI score 10 | EPSS 0.0481
Exploits 0 | References 11 | Affected Software 1

OSV
added 2024/02/19 1:15 p.m. | 1 views

DEBIAN-CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

CVSS 9.8 | AI score 8.1 | EPSS 0.0481
Exploits 0 | References 1

NVD
added 2024/02/19 1:15 p.m. | 22 views

CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

CVSS 10 | AI score 9.7 | EPSS 0.0481
Exploits 0 | References 9

OSV
added 2024/02/19 1:15 p.m. | 28 views

CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

CVSS 9.8 | AI score 9.6 | EPSS 0.0481
Exploits 0 | References 9

OSV
added 2024/02/19 1:15 p.m. | 1 views

UBUNTU-CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

CVSS 10 | AI score 7.2 | EPSS 0.0481
Exploits 0 | References 9

UbuntuCve
added 2024/02/19 1:15 p.m. | 48 views

CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

CVSS 10 | AI score 7.1 | EPSS 0.0481
Exploits 0 | References 8

Prion
added 2024/02/19 1:15 p.m. | 32 views

Sql injection

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

CVSS 7.5 | AI score 8.6 | EPSS 0.0481
Exploits 0 | References 3

Vulnrichment
added 2024/02/19 12:58 p.m. | 28 views

CVE-2024-1597 pgjdbc SQL Injection via line comment generation

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

CVSS 10 | AI score 7.8 | EPSS 0.0481
Exploits 0 | References 7

CVE
added 2024/02/19 12:58 p.m. | 529 views

CVE-2024-1597

CVE-2024-1597 affects the PostgreSQL JDBC Driver (libpgjava) used with pgjdbc. The vulnerability exists when PreferQueryMode=SIMPLE is enabled (not the default); an attacker can inject SQL to alter queries. Affected versions include before 42.7.2, and older 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42....

CVSS 10 | AI score 9.8 | EPSS 0.0481
Exploits 0 | References 9 | Affected Software 1

Debian CVE
added 2024/02/19 12:58 p.m. | 42 views

CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

CVSS 10 | AI score 9.1 | EPSS 0.0481
Exploits 0

IBM Security Bulletins
added 2024/02/19 8:12 a.m. | 37 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to buffer overflow due to PostgreSQL (CVE-2023-5869)

Summary IBM Connect:Direct Web Services uses PostgreSQL. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-5869 DESCRIPTION: PostgreSQL is vulnerable to a buffer overflow, caused by improper bounds checking by the SQL array values. By...

CVSS 8.8 | AI score 9.1 | EPSS 0.04322
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2024/02/19 8:7 a.m. | 29 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to security bypass due to PostgreSQL (CVE-2023-39418)

Summary IBM Sterling Connect:Direct Web Service uses PostgreSQL. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-39418 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to bypass security restrictions, caused by...

CVSS 4.3 | AI score 5.9 | EPSS 0.00964
Exploits 0 | Affected Software 1

Positive Technologies
added 2024/02/19 12:0 a.m. | 3 views

PT-2024-1805

Name of the Vulnerable Software and Affected Versions pgjdbc versions prior to 42.7.2 pgjdbc versions prior to 42.6.1 pgjdbc versions prior to 42.5.5 pgjdbc versions prior to 42.4.4 pgjdbc versions prior to 42.3.9 pgjdbc versions prior to 42.2.28 Description The PostgreSQL JDBC Driver has a SQL...

CVSS 10 | AI score 7.8 | EPSS 0.0481
Exploits 0 | References 107