13299 matches found
CVE-2025-1731
An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...
CVE-2025-1731
CVE-2025-1731 concerns Zyxel USG FLEX H series devices running uOS 1.20–1.31. The issue is an incorrect permission assignment in the PostgreSQL command handling, which could let an authenticated local attacker with low privileges gain access to the Linux shell and escalate privileges by crafting ...
PT-2025-17479 · Unknown · Usg Flex H Series +1
Name of the Vulnerable Software and Affected Versions: USG FLEX H series uOS firmware versions from V1.20 through V1.31. Description: An incorrect permission assignment vulnerability in the PostgreSQL commands could allow an authenticated local attacker with low privileges to gain access to the...
Zyxel USG FLEX Security Vulnerability
Zyxel USG FLEX is a firewall from China Hopkins Zyxel. Offering flexible VPN options (IPsec, SSL or L2TP), it provides flexible and secure remote access for remote work and management. A security vulnerability exists in Zyxel USG FLEX versions prior to V1.32, which stems from improper assignment of...
The vulnerability of the pgCodeKeeper plugin for the PostgreSQL database, related to deserialization mechanism flaws, allows a hacker to execute arbitrary code.
The vulnerability of the pgCodeKeeper plugin for the PostgreSQL database is related to deficiencies in the deserialization mechanism in the “deserialize” method of the “Utils” class. Exploiting this vulnerability allows an attacker to execute arbitrary code through a specially crafted file with t...
The vulnerability of the pgCodeKeeper plugin for the PostgreSQL database, which involves unencrypted storage of critical information, allows a hacker to disclose the protected data.
The vulnerability of the pgCodeKeeper plugin for the PostgreSQL database is related to the unencrypted storage of critical information. Exploiting this vulnerability could allow an attacker to disclose the protected data...
K000150943: PostgreSQL vulnerabilities CVE-2019-10164, CVE-2020-14349, and CVE-2020-14350
Security Advisory Description: CVE-2019-10164: PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often...
[R1] Stand-alone Security Patch Available for Tenable Security Center version 6.5.1: SC-202504.3
Arnie Cabral, Mon, 04/21/2025 - 11:03. Security Center leverages third-party software to help provide underlying functionality. One of the third-party components (postgresql) was found to contain...
RHEL 7 : postgresql (RHSA-2025:3978)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3978 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL quoting APIs miss neutralizing...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection in the processinsertquery function in the PostgresDB class. An attacker who can control the tablename used in a query, which is passed to the seqname argument without escaping, can cause SQL to be executed. Remediation: The...
RHSA-2025:3978 Red Hat Security Advisory: postgresql security update
Bulletin has no description...
postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...
Important: Red Hat Security Advisory: postgresql security update
An update for postgresql is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
CVE-2025-2291
Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres's VALID UNTIL value, which allows an attacker to log in with an already expired password...
AZL-60437 CVE-2025-2291 affecting package pgbouncer for versions less than 1.24.1-1
Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres's VALID UNTIL value, which allows an attacker to log in with an already expired password...
UBUNTU-CVE-2025-2291
Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres's VALID UNTIL value, which allows an attacker to log in with an already expired password...
PgBouncer Security Vulnerability
PgBouncer is an open source lightweight connection pool for PostgreSQL from the PgBouncer community. A security vulnerability exists in PgBouncer that stems from auth_query not taking into account the VALID UNTIL value of Postgres, which could lead to logging in with an expired password...