SQLi (SQL Injection) org.postgresql:postgresql Dependency in Bitbucket Data Center and Server
This High severity org.postgresql:postgresql Dependency vulnerability was introduced in version 8.0 of Bitbucket Data Center. A version of the PostgreSQL JDBC driver is bundled in the Mesh Application /app/WEB-INF/mesh/mesh-app.jar; however, Mesh does not use the PostgreSQL driver, rather it uses a...
KLA80205 SB vulnerability in PostgreSQL
SQL injection vulnerability was found in PostgreSQL. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation Related products PostgreSQL CVE list CVE-2025-10...
PostgreSQL Security Vulnerability
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, etc. A security vulnerability exists in PostgreSQL. A security vulnerability...
FreeBSD : PostgreSQL -- PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation (fadf3b41-ea19-11ef-a540-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the fadf3b41-ea19-11ef-a540-6cc21735f730 advisory. The PostgreSQL Project reports: Improper neutralization of quoting syntax in PostgreSQL libpq functions...
PT-2025-22574 · Astra Linux +5 · Astra Linux Special Edition +5
A vulnerability in the PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn functions of the libpq library of the PostgreSQL database management system is related to a failure to protect the structure of the SQL query. Exploitation of the vulnerability may allow a remote attacker to execute...
Debian dla-4052 : libecpg-compat3 - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4052 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4052-2 [email protected] https://www.debian.org/lts/security/...
OPENSUSE-SU-2025:14805-1 postgresql13-13.19-1.1 on GA media
These are all security issues fixed in the postgresql13-13.19-1.1 package on the GA media of openSUSE Tumbleweed...
PostgreSQL -- PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
The PostgreSQL Project reports: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection...
OPENSUSE-SU-2025:14807-1 postgresql15-15.11-1.1 on GA media
These are all security issues fixed in the postgresql15-15.11-1.1 package on the GA media of openSUSE Tumbleweed...
VulnCheck KEV: CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application...
PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE
pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. Note, this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a...
PostgreSQL Vulnerable to Privileged Execution of Arbitrary SQL due to Late Privilege Drop in 'REFRESH MATERIALIZED VIEW CONCURRENTLY'
An authenticated attacker that has created a materialized view could run arbitrary SQL commands on a PostgreSQL server if a victim runs REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's view. If the victim is a superuser this could result in full compromise of the PostgreSQL server...
Vulnerability in core server (CVE-2025-1094)
PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL...
PostgreSQL Vulnerable to Privilege Escalation via Improper Checks in 'pg_stats_ext' and 'pg_stats_ext_exprs' Functions
PostgreSQL is vulnerable to privilege escalation. An attacker could exploit this to access views without correct privileges, potentially gaining access to sensitive data that they shouldn't have access to...
PostgreSQL Vulnerable to Denial-of-Service (DoS) in 'pg_signal_backend()'
PostgreSQL contains a denial-of-service (DoS) vulnerability. An attacker with superuser permissions could exploit this issue to cause the database to crash...
DLA-4052-1 postgresql-13 - security update
Bulletin has no description...
OPENSUSE-SU-2025:14808-1 postgresql16-16.7-1.1 on GA media
These are all security issues fixed in the postgresql16-16.7-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2025-6477
Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 17.3 PostgreSQL versions prior to 16.7 PostgreSQL versions prior to 15.11 PostgreSQL versions prior to 14.16 PostgreSQL versions prior to 13.19 Description The issue is related to improper neutralization of quoting...
Vulnerability in the Active Support component of the PostgreSQL Ruby interpreter that allows a hacker to trigger a service failure.
The vulnerability in the Active Support component of the PostgreSQL Ruby interpreter is related to insufficient validation of user-entered data in Inflector.underscore. Exploiting this vulnerability can allow an attacker to cause service failures remotely...