Lucene search
K

76 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/03 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2010-1975

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privilege...

5.5CVSS6AI score0.02658EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/03 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2010-1169

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does...

8.5CVSS7.6AI score0.04081EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/02/21 12:0 a.m.15 views

PostgreSQL 13.x < 13.19 / 14.x < 14.16 / 15.x < 15.11 / 16.x < 16.7 / 17.x < 17.3 SQLi

The version of PostgreSQL installed on the remote host is 13 prior to 13.19, 14 prior to 14.16, 15 prior to 15.11, 16 prior to 16.7, or 17 prior to 17.3. As such, it is potentially affected by a vulnerability : - Improper neutralization of quoting syntax in PostgreSQL libpq functions...

8.1CVSS8.2AI score0.89472EPSS
Exploits10References2
Cvelist
Cvelist
added 2025/02/13 1:0 p.m.28 views

CVE-2025-1094 PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...

8.1CVSS0.89472EPSS
Exploits10References1
FreeBSD
FreeBSD
added 2025/02/13 12:0 a.m.24 views

PostgreSQL -- PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

The PostgreSQL Project reports: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection...

8.1CVSS8AI score0.89472EPSS
Exploits10References1
Amazon
Amazon
added 2024/12/19 12:0 a.m.4 views

Important: libpq

Issue Overview: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query...

8.8CVSS7.2AI score0.04422EPSS
Exploits1
CVE
CVE
added 2024/11/14 1:0 p.m.491 views

CVE-2024-10977

CVE-2024-10977 affects PostgreSQL libpq by allowing a server to send an error message that, when the client is not trusting SSL/GSS settings, can reveal arbitrary non-NUL bytes to the client (e.g., psql). Affected products/versions include PostgreSQL before the fixed point: 17.1 and older branche...

3.7CVSS3.5AI score0.0038EPSS
Exploits0References2Affected Software1
Amazon
Amazon
added 2024/10/02 12:0 a.m.5 views

Important: libpq

Issue Overview: Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

8.8CVSS7.8AI score0.01565EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2024/08/09 1:53 a.m.3 views

SUSE CVE-2024-7348

Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

8.8CVSS7.8AI score0.01565EPSS
Exploits0References27
OSV
OSV
added 2024/05/14 3:43 p.m.2 views

UBUNTU-CVE-2024-4317

Missing authorization in PostgreSQL built-in views pgstatsext and pgstatsextexprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwi...

4.3CVSS7AI score0.00722EPSS
Exploits0References4
Amazon
Amazon
added 2024/03/06 12:0 a.m.6 views

Important: libpq

Issue Overview: Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted...

8CVSS8AI score0.01465EPSS
Exploits0
OSV
OSV
added 2024/02/08 1:15 p.m.1 views

DEBIAN-CVE-2024-0985

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...

8CVSS8.1AI score0.01465EPSS
Exploits0References1
OSV
OSV
added 2024/02/08 1:15 p.m.2 views

UBUNTU-CVE-2024-0985

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...

8CVSS7.5AI score0.01465EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.4 views

SUSE CVE-2006-0553

PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to gain additional privileges via "knowledge of the backend protocol" using a crafted SET ROLE to other database users, a different vulnerability than CVE-2006-0678...

6.5CVSS7.2AI score0.02945EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.3 views

SUSE CVE-2006-5542

backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service daemon crash related to duration logging of V3-protocol Execute messages for 1 COMMIT and 2 ROLLBACK SQL statements...

4CVSS7.2AI score0.01876EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:59 a.m.4 views

SUSE CVE-2010-1169

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrar...

8.5CVSS7.6AI score0.04081EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2021/05/13 12:0 a.m.29 views

CVE-2021-32029

A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...

6.5CVSS6.8AI score0.01398EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2021/03/10 12:0 a.m.49 views

NewStart CGSL MAIN 6.02 : libpq Multiple Vulnerabilities (NS-SA-2021-0085)

The remote NewStart CGSL host, running version MAIN 6.02, has libpq packages installed that are affected by multiple vulnerabilities: - A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creat...

8.1CVSS6.9AI score0.02586EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2020/12/15 12:0 a.m.26 views

Huawei EulerOS: Security Advisory for postgresql (EulerOS-SA-2020-2526)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.6AI score0.4644EPSS
Exploits0References2
OSV
OSV
added 2020/11/16 1:15 a.m.2 views

ALPINE-CVE-2020-25695

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...

8.8CVSS7.6AI score0.4644EPSS
Exploits0References1
Rows per page
Query Builder