SUSE SLES12 Security Update : postgresql16 (SUSE-SU-2024:0546-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0546-1 advisory. - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql16 (SUSE-SU-2024:0550-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0550-1 advisory. - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to...

SUSE SLES15 / openSUSE 15 Security Update : postgresql14 (SUSE-SU-2024:0552-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0552-1 advisory. - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQ...

SUSE-SU-2024:0552-1 Security update for postgresql14

This update for postgresql14 fixes the following issues: Upgrade to 14.11: - CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY bsc1219679...

SUSE-SU-2024:0551-1 Security update for postgresql15

This update for postgresql15 fixes the following issues: Upgrade to 15.6: - CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY bsc1219679...

org.apache.camel.kafkaconnector:camel-aws-redshift-sink-kafka-connector (>=4.0.0 <=4.0.3), org.apache.camel.kafkaconnector:camel-aws-redshift-source-kafka-connector (>=4.0.0 <=4.0.3) +17 more potentially affected by CVE-2024-22369 via org.apache.camel:camel-sql (>=4.0.0 <=4.0.3)

org.apache.camel:camel-sql MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =3.2.0, =3.4.0 - org.apache.camel.quar...

org.apache.camel.kafkaconnector:camel-aws-redshift-sink-kafka-connector (>=1.0.0 <=3.21.0), org.apache.camel.kafkaconnector:camel-aws-redshift-source-kafka-connector (>=1.0.0 <=3.21.0) +29 more potentially affected by CVE-2024-22369 via org.apache.camel:camel-sql (>=3.0.0 <=3.21.3)

org.apache.camel:camel-sql MAVEN version =3.0.0, =1.0.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =3.18.1, =3.18.1, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =3.21.0...

Sql Injection

org.postgresql, postgresql is vulnerable to Sql Injection. The vulnerability is caused due to not escaping user provided literal parameter values in SQL query when using configuration option PreferQueryMode=SIMPLE. An attacker can exploit this vulnerability to inject SQL to alter the query by...

Mageia: Security Advisory (MGASA-2024-0043)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2024-0043 Updated postgresql15 and postgresql13 packages fix a security vulnerability

The updated packages fix a security vulnerability: PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL. CVE-2024-0985...

Updated postgresql15 and postgresql13 packages fix a security vulnerability

The updated packages fix a security vulnerability: PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL. CVE-2024-0985...

Duplicate Advisory: SQL injection in pgjdbc

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-24rp-q3w6-vc56. This link is maintained to preserve external references. Original Description pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not t...

CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

DEBIAN-CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

UBUNTU-CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

Sql injection

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

CVE-2024-1597

CVE-2024-1597 affects the PostgreSQL JDBC Driver (libpgjava) used with pgjdbc. The vulnerability exists when PreferQueryMode=SIMPLE is enabled (not the default); an attacker can inject SQL to alter queries. Affected versions include before 42.7.2, and older 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42....

CVE-2024-1597 pgjdbc SQL Injection via line comment generation

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...