13314 matches found
Debian: Security Advisory (DLA-4052-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PostgreSQL SQLi Vulnerability (Feb 2025) - Linux
PostgreSQL is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postgresql:postgresql...
[SECURITY] [DLA 4052-1] postgresql-13 security update
Debian LTS Advisory DLA-4052-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón February 13, 2025 https://wiki.debian.org/LTS Package : postgresql-13 Version : 13.19-0+deb11u1 CVE ID : CVE-2025-1094 A security issue was discovered in the PostgreSQL database...
CVE-2025-1094: PostgreSQL psql SQL injection (FIXED)
Rapid7 discovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting the PostgreSQL interactive tool psql. This discovery was made while Rapid7 was performing research into the recent exploitation of CVE-2024-12356 — an unauthenticated remote code execution RCE vulnerability th...
CVE-2025-1094: PostgreSQL psql SQL injection (FIXED)
Rapid7 discovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting the PostgreSQL interactive tool psql. This discovery was made while Rapid7 was performing research into the recent exploitation of CVE-2024-12356 — an unauthenticated remote code execution RCE vulnerability th...
CVE-2025-1094 vulnerabilities
Vulnerabilities for packages: postgresql...
CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...
DEBIAN-CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...
AZL-56791 CVE-2025-1094 affecting package postgresql for versions less than 14.16-1
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...
AZL-56732 CVE-2025-1094 affecting package postgresql for versions less than 16.7-1
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...
ALPINE-CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...
CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...
CVE-2025-1094 vulnerabilities
Vulnerabilities for packages: postgresql...
CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...
UBUNTU-CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...
CVE-2025-1094 PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...
CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...
CVE-2025-1094
CVE-2025-1094 affects PostgreSQL libpq and related command-line utilities. The issue is improper neutralization of quoting syntax in the libpq APIs PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn(), which can allow SQL injection when the application uses the func...
CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...
CVE-2025-1094 PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...