Debian dla-4180 : pgbouncer - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4180 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4180-1 [email protected]...

SUSE SLES15 Security Update : postgresql13 (SUSE-SU-2025:01705-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01705-1 advisory. Upgrade to 13.21: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fail...

Security update for postgresql13

This update for postgresql13 fixes the following issues: Upgrade to 13.21: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Changelog: https://www.postgresql.org/docs/release/13.21/ Patch Instructions: T...

SUSE-SU-2025:01705-1 Security update for postgresql13

This update for postgresql13 fixes the following issues: Upgrade to 13.21: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Changelog: https://www.postgresql.org/docs/release/13.21/...

Security update for postgresql14

This update for postgresql14 fixes the following issues: Upgrade to 14.18: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Patch Instructions: To install this SUSE update use the SUSE recommended...

CVE-2024-47074

DataEase is an open source data visualization analysis tool. In Dataease, the PostgreSQL data source in the data source function can customize the JDBC connection parameters and the PG server target to be connected. In backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java,...

CVE-2024-29955

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key...

CVE-2024-24213

Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pgmeta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically,...

CVE-2024-53947

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887...

CVE-2023-2785

Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service...

CVE-2023-33967

EaseProbe is a tool that can do health/status checking. An SQL injection issue was discovered in EaseProbe before 2.1.0 when using MySQL/PostgreSQL data checking. This problem has been fixed in v2.1.0...

CVE-2023-28630

GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0, if the server environment is not correctly configured by administrators to provide access to the relevant PostgreSQL or MySQL backup tools, the credentials for database access may be unintentionally...

CVE-2023-2291

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...

CVE-2023-32305

aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the...

CVE-2023-3264

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or...

CVE-2022-45786

There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition t...

CVE-2022-25225

Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation PostgreSQL by exploiting this issue...

openSUSE 15 Security Update : postgresql13 (SUSE-SU-2025:01654-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:01654-1 advisory. Upgrade to 13.21: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation...

SUSE SLES15 / openSUSE 15 Security Update : postgresql14 (SUSE-SU-2025:01661-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01661-1 advisory. Upgrade to 14.18: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for...

CVE-2021-33570

Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and...