The vulnerability of the ActiveRecord PostgreSQL interpreter for Ruby allows a hacker to cause a service failure.

The vulnerability of the ActiveRecord PostgreSQL interpreter for Ruby is related to insufficient validation of data entered by users. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

Astra Linux – Vulnerability in PostgresSQL-15

Improper neutralization of quoting syntax in PostgreSQL’s libpq functions such as PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to exploit SQL injection attacks under certain usage patterns. Specifically, SQL injection requires the...

Azure Linux 3.0 Security Update: postgresql (CVE-2024-7348)

The version of postgresql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-7348 advisory. - Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execu...

Azure Linux 3.0 Security Update: postgresql (CVE-2024-10976)

The version of postgresql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10976 advisory. - Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change...

Azure Linux 3.0 Security Update: postgresql (CVE-2024-10978)

The version of postgresql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10978 advisory. - Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change...

Azure Linux 3.0 Security Update: postgresql (CVE-2024-10977)

The version of postgresql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10977 advisory. - Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS...

K000149707: PostgreSQL vulnerability CVE-2024-10976

Security Advisory Description Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a...

K000149702: PostgreSQL vulnerabilities CVE-2024-10977 and CVE-2024-10979

Security Advisory Description CVE-2024-10977 Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a...

CVE-2021-44427

An unauthenticated SQL Injection vulnerability in Rosario Student Information System aka rosariosis before 8.1.1 allows remote attackers to execute PostgreSQL statements e.g., SELECT, INSERT, UPDATE, and DELETE through /Side.php via the syear parameter...

CVE-2022-24844

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sysautocodepgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occu...

CVE-2020-13551

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege...

CVE-2024-32979

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL...

CVE-2024-27298

parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20...

CVE-2024-42450

The Versa Director uses PostgreSQL Postgres to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By default, Versa Director configures Postgres t...

CVE-2024-2860

The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database...

CVE-2024-2338

PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. PostgreSQL Anonymizer enables users to set security labels on tables to mask specified columns. There is a flaw that allows complex...

Important: postgresql92

Issue Overview: While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary bytes to a memory area that facilitates arbitrary code execution. Missing overflow checks also let authenticated database users read a wide area of server memory. The...

Amazon Linux AMI : postgresql92 (ALAS-2025-1959)

The version of postgresql92 installed on the remote host is prior to 9.2.24-3.70. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1959 advisory. While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary...

CVE-2024-39309

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved...

ROS-20250203-15

Vulnerability in Active Support PostgreSQL component of Ruby interpreter is related to insufficient validation of user input in Active Support in Inflector.underscore. user input data in Active Support in Inflector.underscore. Exploitation of the vulnerability could allow an attacker acting...