13285 matches found

Tenable Nessus
added 2024/05/11 12:00 a.m. | 28 views

RHEL 7 : postgresql (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - postgresql: psql's \gset allows overwriting specially treated variables CVE-2020-25696 - postgresql:...

AI score: 8.1 | EPSS: 0.14142
Exploits: 2 | References: 14

Tenable Nessus
added 2024/05/11 12:00 a.m. | 197 views

RHEL 6 : postgresql (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - postgresql: psql's \gset allows overwriting specially treated variables CVE-2020-25696 - postgresql: Buff...

AI score: 9.3 | EPSS: 0.4644
Exploits: 2 | References: 31

Tenable Nessus
added 2024/05/11 12:00 a.m. | 18 views

RHEL 8 : postgresql (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - PostgreSQL: Postgres JDBC driver does not perform host name validation by default CVE-2018-10936 -...

AI score: 9.1 | EPSS: 0.0291
Exploits: 0 | References: 2

Rockylinux
added 2024/05/10 2:32 p.m. | 33 views

postgresql-jdbc security update

An update is available for postgresql-jdbc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced object-relational database management syste...

CVSS: 10 | AI score: 7.7 | EPSS: 0.0481
Exploits: 0

OSV
added 2024/05/10 2:32 p.m. | 16 views

RLSA-2024:1436 Important: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE CVE-2024-1597...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.0481
Exploits: 0 | References: 2

Rockylinux
added 2024/05/10 2:32 p.m. | 31 views

postgresql security update

An update is available for postgresql. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced object-relational database management system DBM...

CVSS: 8 | AI score: 7.8 | EPSS: 0.01465
Exploits: 0

OSV
added 2024/05/10 2:32 p.m. | 20 views

RLSA-2024:0951 Important: postgresql security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL CVE-2024-0985 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

CVSS: 8 | AI score: 8.3 | EPSS: 0.01465
Exploits: 0 | References: 2

Veracode
added 2024/05/10 8:33 a.m. | 35 views

SQL Injection

Npgsql is vulnerable to SQL injection. The vulnerability is caused by an integer overflow in the WriteBind method within NpgsqlConnector.FrontendMessages.cs, which leads to miscalculated message lengths when constructing PostgreSQL protocol messages. This allows attackers to manipulate message...

CVSS: 8.1 | AI score: 8.3 | EPSS: 0.01716
Exploits: 0

RedhatCVE
added 2024/05/10 3:54 a.m. | 33 views

CVE-2024-4317

A flaw was found in PostgreSQL. Missing authorization in the built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the...

CVSS: 3.1 | AI score: 3.7 | EPSS: 0.00722
Exploits: 0 | References: 4

Tenable Nessus
added 2024/05/10 12:00 a.m. | 26 views

FreeBSD : PostgreSQL server -- Potentially allowing authenticated database users to see data that they shouldn't. (d53c30c1-0d7b-11ef-ba02-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d53c30c1-0d7b-11ef-ba02-6cc21735f730 advisory. - Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to the table owner more details...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.00722
Exploits: 0 | References: 3

Debian
added 2024/05/09 10:17 p.m. | 25 views

[SECURITY] [DLA 3812-1] libpgjava security update

Debian LTS Advisory DLA-3812-1 https://www.debian.org/lts/security/ Markus Koschany May 09, 2024 https://wiki.debian.org/LTS Package : libpgjava Version : 42.2.5-2+deb10u4 CVE ID : CVE-2024-1597 A possible SQL injection vulnerability was found in libpgjava, the...

CVSS: 10 | AI score: 7 | EPSS: 0.0481
Exploits: 0

Snyk
added 2024/05/09 2:39 p.m. | 3 views

SQL Injection

Overview Npgsql is a .NET data provider for PostgreSQL. Affected versions of this package are vulnerable to SQL Injection by overflowing the sum of the integer and parameter lengths in NpgsqlConnector.FrontendMessages.cs, allowing arbitrary SQL to be injected into a PostgreSQL protocol message if...

CVSS: 8.1 | AI score: 8 | EPSS: 0.01716
Exploits: 0 | References: 2

CVE
added 2024/05/09 2:29 p.m. | 151 views

CVE-2024-32655

Summary of CVE-2024-32655 (Npgsql) : The vulnerability arises in the WriteBind() implementation of Npgsql, where int variables used to track the Postgres protocol message length and the sum of parameter lengths overflow when the total exceeds integer capacity. This causes the constructed message ...

CVSS: 8.1 | AI score: 7.3 | EPSS: 0.01716
Exploits: 0 | References: 15

Vulnrichment
added 2024/05/09 2:29 p.m. | 23 views

CVE-2024-32655 Npgsql Vulnerable to SQL Injection via Protocol Message Size Overflow

Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...

CVSS: 8.1 | AI score: 7.5 | EPSS: 0.01716
Exploits: 0 | References: 15

Cvelist
added 2024/05/09 2:29 p.m. | 36 views

CVE-2024-32655 Npgsql Vulnerable to SQL Injection via Protocol Message Size Overflow

Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...

CVSS: 8.1 | AI score: 8.4 | EPSS: 0.01716
Exploits: 0 | References: 15

Debian CVE
added 2024/05/09 2:29 p.m. | 16 views

CVE-2024-32655

Removed by vendor...

CVSS: 8.1 | AI score: 8 | EPSS: 0.01716
Exploits: 0

OSV
added 2024/05/09 2:29 p.m. | 31 views

CVE-2024-32655 Npgsql Vulnerable to SQL Injection via Protocol Message Size Overflow

Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...

CVSS: 8.1 | AI score: 8.3 | EPSS: 0.01716
Exploits: 0 | References: 17

Vulnrichment
added 2024/05/09 1:00 p.m. | 20 views

CVE-2024-4317 PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks

Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwi...

CVSS: 3.1 | AI score: 3.8 | EPSS: 0.00722
Exploits: 0 | References: 1

CVE
added 2024/05/09 1:00 p.m. | 654 views

CVE-2024-4317

The CVE-2024-4317 issue affects PostgreSQL built-ins pg_stats_ext and pg_stats_ext_exprs, where missing authorization checks allow an unprivileged user to read statistics (e.g., most common values) from other users’ CREATE STATISTICS data. Affected versions are within major series 14–16, specific...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.00722
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/05/09 1:00 p.m. | 19 views

CVE-2024-4317 PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks

Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwi...

CVSS: 3.1 | AI score: 4.5 | EPSS: 0.00722
Exploits: 0 | References: 1