CVE-2024-23763

SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiersattribute parameter...

CVE-2024-23763

SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiersattribute parameter...

The vulnerability of the REFRESH MATERIALIZED VIEW CONCURRENTLY function in the PostgreSQL database management system allows attackers to execute arbitrary SQL commands.

The vulnerability of the REFRESH MATERIALIZED VIEW CONCURRENTLY function in the PostgreSQL database management system is related to privilege management errors during the processing and validation of command-line parameters. Exploiting this vulnerability allows a malicious actor to execute...

SUSE CVE-2024-0985

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...

DEBIAN-CVE-2024-0985

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...

AZL-34279 CVE-2024-0985 affecting package postgresql for versions less than 14.11-1

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...

ALPINE-CVE-2024-0985

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...

CVE-2024-0985 PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...

CVE-2024-0985 PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...

CVE-2024-0985

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...

Vulnerability in core server (CVE-2024-0985)

PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL UPDATE June 19, 2024 : Added v16 as impacted. Updated description to clarify the attack vector. Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute...

CVE-2024-24811

SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version...

CVE-2024-24811 Products.SQLAlchemyDA vulnerable to unauthenticated arbitrary SQL query execution

SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version...

CVE-2024-24811

CVE-2024-24811 affects SQLAlchemyDA, a generic database adapter for ZSQL methods. Versions prior to 2.2 allow unauthenticated execution of arbitrary SQL on the connected database. All users are affected. The issue has been fixed in version 2.2; no workaround is available. Exploitation and in-the-...

PT-2024-20579 · Unknown · Sqlalchemyda

Name of the Vulnerable Software and Affected Versions: SQLAlchemyDA versions prior to 2.2 Description: A vulnerability in SQLAlchemyDA allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem...

PT-2024-1568 · Unknown +11 · Postgresql +10

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 16.2 PostgreSQL versions prior to 15.6 PostgreSQL versions prior to 14.11 PostgreSQL versions prior to 13.14 PostgreSQL versions prior to 12.18 Description: The issue is related to a late privilege drop in the...

CVE-2022-47072

SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box...

Sql injection

SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box...

CVE-2022-47072

SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box...

CVE-2024-23646

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter selectedIds is susceptible to SQL Injection. Any backend user with very basic...