13198 matches found
CVE-2023-1934
The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and...
Code injection
The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and...
CVE-2023-1934
The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and...
CVE-2023-1934
CVE-2023-1934 concerns SDG Technologies SDG PnPSCADA. The vulnerability is an unauthenticated, error-based PostgreSQL injection affecting the hitlogcsv.jsp endpoint, allowing remote attackers to read/modify data in the underlying database. Reported impact includes access to ICS/OT data and other ...
CVE-2023-1934
The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and...
PostgreSQL 安全漏洞
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL versions 11 through 15,...
CVE-2023-2454
schemaelement defeats protective searchpath changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code...
PostgreSQL 11.x < 11.20, 12.x < 12.15, 13.x < 13.11, 14.x < 14.8, 15.x < 15.3 Multiple Vulnerabilities - Windows
PostgreSQL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postgresql:postgresql";...
PostgreSQL 安全漏洞
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL versions 11 through 15,...
CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...
PostgreSQL 11.x < 11.20, 12.x < 12.15, 13.x < 13.11, 14.x < 14.8, 15.x < 15.3 Multiple Vulnerabilities - Linux
PostgreSQL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postgresql:postgresql";...
RHEL 9 : postgresql-jdbc (RHSA-2023:2378)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:2378 advisory. PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs ...
UBUNTU-CVE-2023-2454
schemaelement defeats protective searchpath changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code...
[SECURITY] [DSA 5401-1] postgresql-13 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5401-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 11, 2023 https://www.debian.org/security/faq -...
postgresql-server -- CREATE SCHEMA ... schema elements defeats protective search_path changes
PostgreSQL Project reports This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users...
postgresql-server -- Row security policies disregard user ID changes after inlining
PostgreSQL Project reports While CVE-2016-2193 fixed most interaction between row security and user ID changes, it missed a scenario involving function inlining. This leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned...
PT-2023-3021 · Postgresql · Postgresql
Name of the Vulnerable Software and Affected Versions: PnPSCADA affected versions not specified Description: The PnPSCADA system is affected by a critical unauthenticated error-based PostgreSQL Injection vulnerability. This security flaw is present within the "hitlogcsv.jsp" endpoint, allowing...
KLA49176 Multiple vulnerabilities in PostgreSQL
Multiple vulnerabilities were found in PostgreSQL. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Information disclosure vulnerability in Core server can be exploited remotely to obtain...
DSA-5401-1 postgresql-13 - security update
Bulletin has no description...
Vulnerability in core server (CVE-2023-2454)
CREATE SCHEMA ... schemaelement defeats protective searchpath changes This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users. The PostgreSQL...