
9 matches found

CVE
added 2025/12/18 12:0 a.m. · 11 views

CVE-2025-56157

CVE-2025-56157 affects Dify up to version 1.5.1, where default PostgreSQL credentials are defined in the docker-compose.yaml in the source. The vulnerability arises from hard-coded credentials, with the database (PostgreSQL on port 5432) referenced in the config; supplier notes that the Docker se...

CVSS 9.8 · AI score 5.9 · EPSS 0.00063
Exploits: 1 · References: 8 · Affected Software: 1

Vulnrichment
added 2025/12/18 12:0 a.m. · 1 view

CVE-2025-56157

Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL on TCP port 5432 exposed by default in version 1.0.1 or later...

AI score 5.9 · EPSS 0.00063
Exploits: 1 · References: 8

Tenable Nessus
added 2025/08/30 12:0 a.m. · 1 view

Linux Distros Unpatched Vulnerability : CVE-2021-3515

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available.
- A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft ...

CVSS 7.2 · AI score 6.7 · EPSS 0.00124
Exploits: 0 · References: 2

Tenable Nessus
added 2024/12/05 12:0 a.m. · 8 views

AlmaLinux 9 : postgresql:16 (ALSA-2024:10788)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:10788 advisory.
- postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID (CVE-2024-10978)
- postgresql: PostgreSQL PL/Perl environment variable...

CVSS 8.8 · AI score 7.6 · EPSS 0.06356
Exploits: 1 · References: 5

SUSE CVE
added 2023/02/15 3:49 a.m. · 1 view

SUSE CVE-2021-3515

A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription...

CVSS 7.2 · AI score 6.6 · EPSS 0.00124
Exploits: 0 · References: 3

OSV
added 2021/06/01 2:15 p.m. · 1 view

DEBIAN-CVE-2021-3515

A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription...

CVSS 6.7 · AI score 6.7 · EPSS 0.00124
Exploits: 0 · References: 1

OSV
added 2021/06/01 2:15 p.m. · 0 views

UBUNTU-CVE-2021-3515

A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription...

CVSS 6.7 · AI score 6.8 · EPSS 0.00124
Exploits: 0 · References: 4

Positive Technologies
added 2021/05/18 12:0 a.m. · 1 view

PT-2021-4271 · Pglogical · Pglogical

Name of the Vulnerable Software and Affected Versions: pglogical versions before 2.3.4; pglogical versions before 3.6.26. Description: The issue is related to a lack of input data sanitization in the pglogical system, which can be exploited to gain access to confidential data, compromise data...

CVSS 7.2 · AI score 6.7 · EPSS 0.00124
Exploits: 0 · References: 10

Ubuntu
added 2006/02/27 6:45 p.m. · 36 views

USN-258-1: PostgreSQL vulnerability

Akio Ishida discovered that the SET SESSION AUTHORIZATION command did not properly verify the validity of its argument. An authenticated PostgreSQL user could exploit this to crash the server. However, this does not affect the official binary Ubuntu packages. The crash can only be triggered if th...

CVSS 1.5 · AI score 5.3 · EPSS 0.00089
Exploits: 0