PostgreSQL JDBC Driver SQL Injection Vulnerability
PostgreSQL JDBC Driver is an open source JDBC driver written in Pure Java Type 4 for communication in the PostgreSQL native network protocol. A SQL injection vulnerability exists in the PostgreSQL JDBC Driver. An attacker can perform SQL injection in a PreferQueryMode=SIMPLE environment. Affected...
PT-2024-1805
Name of the Vulnerable Software and Affected Versions: pgjdbc versions prior to 42.7.2; pgjdbc versions prior to 42.6.1; pgjdbc versions prior to 42.5.5; pgjdbc versions prior to 42.4.4; pgjdbc versions prior to 42.3.9; pgjdbc versions prior to 42.2.28. Description: The PostgreSQL JDBC Driver has a SQL...
Important: postgresql
Issue Overview: This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users. CVE-2023-2454 While CVE-2016-2193 fixed most interaction between row...
Amazon Linux 2 : postgresql (ALAS-2024-2462)
The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2462 advisory. This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser...
SUSE SLES15 / openSUSE 15 Security Update : postgresql12 (SUSE-SU-2024:0523-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0523-1 advisory. - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQ...
SUSE-SU-2024:0522-1 Security update for postgresql13
This update for postgresql13 fixes the following issues: Upgrade to 13.14: - CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY (bsc#1219679)...
Debian dsa-5622 : libecpg-compat3 - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5622 advisory. Debian Security Advisory DSA-5622-1...
Debian dsa-5623 : libecpg-compat3 - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5623 advisory. - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The comman...
Debian: Security Advisory (DSA-5623-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-5622-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 5623-1] postgresql-15 security update
Debian Security Advisory DSA-5623-1, https://www.debian.org/security/, Moritz Muehlenhoff, February 14, 2024, https://www.debian.org/security/faq ...
[SECURITY] [DSA 5622-1] postgresql-13 security update
Debian Security Advisory DSA-5622-1, https://www.debian.org/security/, Moritz Muehlenhoff, February 14, 2024, https://www.debian.org/security/faq ...
DSA-5622-1 postgresql-13 - security update
Bulletin has no description...
DSA-5623-1 postgresql-15 - security update
Bulletin has no description...
PostgreSQL 12.x < 12.18 / 13.x < 13.14 / 14.x < 14.11 / 15.x < 15.6 SQL Injection
The version of PostgreSQL installed on the remote host is 12 prior to 12.18, 13 prior to 13.14, 14 prior to 14.11, or 15 prior to 15.6. It is, therefore, affected by the following vulnerability: - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to...
Privilege Escalation
postgresql is vulnerable to Privilege Escalation. The vulnerability is due to unauthorized execution of arbitrary SQL functions as the command issuer, with elevated privileges, using the REFRESH MATERIALIZED VIEW CONCURRENTLY command. It allows an attacker to create functions that use CREATE RULE to conve...
PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL
...
The vulnerability of the REFRESH MATERIALIZED VIEW CONCURRENTLY function in the PostgreSQL database management system allows attackers to execute arbitrary SQL commands.
The vulnerability of the REFRESH MATERIALIZED VIEW CONCURRENTLY function in the PostgreSQL database management system is related to privilege management errors during the processing and validation of command-line parameters. Exploiting this vulnerability allows a malicious actor to execute...
SUSE CVE-2024-0985
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...