13424 matches found
SUSE-SU-2024:0551-1 Security update for postgresql15
This update for postgresql15 fixes the following issues: Upgrade to 15.6: - CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY bsc1219679...
org.apache.camel.kafkaconnector:camel-aws-redshift-sink-kafka-connector (>=4.0.0 <=4.0.3), org.apache.camel.kafkaconnector:camel-aws-redshift-source-kafka-connector (>=4.0.0 <=4.0.3) +17 more potentially affected by CVE-2024-22369 via org.apache.camel:camel-sql (>=4.0.0 <=4.0.3)
org.apache.camel:camel-sql MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =3.2.0, =3.4.0 - org.apache.camel.quar...
org.apache.camel.kafkaconnector:camel-aws-redshift-sink-kafka-connector (>=1.0.0 <=3.21.0), org.apache.camel.kafkaconnector:camel-aws-redshift-source-kafka-connector (>=1.0.0 <=3.21.0) +29 more potentially affected by CVE-2024-22369 via org.apache.camel:camel-sql (>=3.0.0 <=3.21.3)
org.apache.camel:camel-sql MAVEN version =3.0.0, =1.0.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =3.18.1, =3.18.1, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =3.21.0...
Sql Injection
org.postgresql, postgresql is vulnerable to Sql Injection. The vulnerability is caused due to not escaping user provided literal parameter values in SQL query when using configuration option PreferQueryMode=SIMPLE. An attacker can exploit this vulnerability to inject SQL to alter the query by...
Mageia: Security Advisory (MGASA-2024-0043)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated postgresql15 and postgresql13 packages fix a security vulnerability
The updated packages fix a security vulnerability: PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL. CVE-2024-0985...
MGASA-2024-0043 Updated postgresql15 and postgresql13 packages fix a security vulnerability
The updated packages fix a security vulnerability: PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL. CVE-2024-0985...
Duplicate Advisory: SQL injection in pgjdbc
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-24rp-q3w6-vc56. This link is maintained to preserve external references. Original Description pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not t...
DEBIAN-CVE-2024-1597
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...
CVE-2024-1597
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...
CVE-2024-1597
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...
UBUNTU-CVE-2024-1597
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...
CVE-2024-1597
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...
Sql injection
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...
CVE-2024-1597 pgjdbc SQL Injection via line comment generation
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...
CVE-2024-1597
CVE-2024-1597 affects the PostgreSQL JDBC Driver (libpgjava) used with pgjdbc. The vulnerability exists when PreferQueryMode=SIMPLE is enabled (not the default); an attacker can inject SQL to alter queries. Affected versions include before 42.7.2, and older 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42....
CVE-2024-1597
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to buffer overflow due to PostgreSQL (CVE-2023-5869)
Summary IBM Connect:Direct Web Services uses PostgreSQL. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-5869 DESCRIPTION: PostgreSQL is vulnerable to a buffer overflow, caused by improper bounds checking by the SQL array values. By...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to security bypass due to PostgreSQL (CVE-2023-39418)
Summary IBM Sterling Connect:Direct Web Service uses PostgreSQL. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-39418 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to bypass security restrictions, caused by...
PT-2024-1805
Name of the Vulnerable Software and Affected Versions pgjdbc versions prior to 42.7.2 pgjdbc versions prior to 42.6.1 pgjdbc versions prior to 42.5.5 pgjdbc versions prior to 42.4.4 pgjdbc versions prior to 42.3.9 pgjdbc versions prior to 42.2.28 Description The PostgreSQL JDBC Driver has a SQL...