Lucene search
K

107 matches found

Atlassian
Atlassian
added 2024/04/10 7:45 a.m.57 views

SQLi (SQL Injection) org.postgresql:postgresql Dependency in Jira Software Data Center and Server

This Critical severity org.postgresql:postgresql Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, 9.12.0, 9.13.0, and 9.14.0 of Jira Software Data Center and Server. Jira Software Data Center is unaffected by...

10CVSS9.7AI score0.0481EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/03/21 3:34 a.m.45 views

Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug

Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction. Tracked as CVE-2024-1597, the vulnerability carries a CVSS score of 10.0, indicating maximum severity...

10CVSS7.9AI score0.0481EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/03/20 12:0 a.m.46 views

Oracle Linux 9 : postgresql-jdbc (ELSA-2024-1436)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-1436 advisory. 42.2.28-1 - rebase to 42.2.28 - fix for CVE-2024-1597 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. No...

10CVSS7.8AI score0.0481EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/19 7:37 p.m.69 views

Security Bulletin: IBM Security Verify Information Queue has multiple third-party library vulnerabilities (CVE-2024-1597, CVE-2023-26159)

Summary IBM Security Verify Information Queue ISIQ v10.0.8 has addressed vulnerabilities in the third-party libraries with an update. Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injection. A remote attacker could send specially crafted...

10CVSS8.6AI score0.0481EPSS
Exploits1Affected Software1
OSV
OSV
added 2024/03/06 11:2 a.m.38 views

BIT-POSTGRESQL-JDBC-DRIVER-2022-21724 Unchecked Class Instantiation when providing Plugin Classes

pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based o...

9.8CVSS8.4AI score0.0301EPSS
Exploits1References7
OSV
OSV
added 2024/03/06 11:2 a.m.35 views

BIT-POSTGRESQL-JDBC-DRIVER-2022-26520

In pgjdbc before 42.3.3, an attacker who controls the jdbc URL or properties can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat...

9.8CVSS9.3AI score0.02999EPSS
Exploits0References6
OSV
OSV
added 2024/03/06 11:2 a.m.31 views

BIT-POSTGRESQL-JDBC-DRIVER-2022-41946 TemporaryFolder on unix-like systems does not limit access to created files in pgjdbc

pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setTextint, InputStream or PreparedStatemet.setByteaint, InputStream will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which...

5.5CVSS5.3AI score0.0048EPSS
Exploits1References7
OSV
OSV
added 2024/02/19 3:30 p.m.13 views

GHSA-XFG6-62PX-CXC2 Duplicate Advisory: SQL injection in pgjdbc

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-24rp-q3w6-vc56. This link is maintained to preserve external references. Original Description pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not t...

10CVSS7AI score0.0481EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2024/02/19 3:30 p.m.15 views

Duplicate Advisory: SQL injection in pgjdbc

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-24rp-q3w6-vc56. This link is maintained to preserve external references. Original Description pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not t...

10CVSS10AI score0.0481EPSS
Exploits0References11Affected Software1
NVD
NVD
added 2024/02/19 1:15 p.m.22 views

CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

10CVSS9.7AI score0.0481EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2024/02/19 1:15 p.m.49 views

CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

10CVSS7.1AI score0.0481EPSS
Exploits0References8
OSV
OSV
added 2024/02/19 12:58 p.m.28 views

CVE-2024-1597 pgjdbc SQL Injection via line comment generation

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

10CVSS7.1AI score0.0481EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2024/02/19 12:58 p.m.28 views

CVE-2024-1597 pgjdbc SQL Injection via line comment generation

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

10CVSS7.8AI score0.0481EPSS
Exploits0References7
CVE
CVE
added 2024/02/19 12:58 p.m.539 views

CVE-2024-1597

CVE-2024-1597 affects the PostgreSQL JDBC Driver (libpgjava) used with pgjdbc. The vulnerability exists when PreferQueryMode=SIMPLE is enabled (not the default); an attacker can inject SQL to alter queries. Affected versions include before 42.7.2, and older 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42....

10CVSS9.8AI score0.0481EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2024/02/19 12:58 p.m.30 views

CVE-2024-1597 pgjdbc SQL Injection via line comment generation

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

10CVSS9.9AI score0.0481EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2024/02/19 12:58 p.m.43 views

CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

10CVSS9.1AI score0.0481EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2024/02/19 12:58 p.m.24 views

CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

10CVSS10AI score0.0481EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/02/19 12:0 a.m.3 views

PT-2024-1805

Name of the Vulnerable Software and Affected Versions pgjdbc versions prior to 42.7.2 pgjdbc versions prior to 42.6.1 pgjdbc versions prior to 42.5.5 pgjdbc versions prior to 42.4.4 pgjdbc versions prior to 42.3.9 pgjdbc versions prior to 42.2.28 Description The PostgreSQL JDBC Driver has a SQL...

10CVSS7.8AI score0.0481EPSS
Exploits0References107
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.12 views

Rocky Linux 8 : postgresql-jdbc (RLSA-2020:3176)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:3176 advisory. - PostgreSQL JDBC Driver aka PgJDBC before 42.2.13 allows XXE. CVE-2020-13692 Note that Nessus has not tested for this issue but has instead relied only on the...

7.7CVSS7.5AI score0.04094EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/10/17 12:0 a.m.32 views

PaperCut NG < 20.1.9 / 21.x < 21.2.13 / 22.x < 22.1.3 Multiple Vulnerabilities

The version of PaperCut NG installed on the remote Windows host is affected by multiple vulnerabilities, as follows: - An authentication bypass exists that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut host’s file storage. This could exhaust system...

9.8CVSS7.7AI score0.78696EPSS
Exploits2References4
Rows per page
Query Builder