13198 matches found

NVD
added 2023/02/09 8:15 p.m. | 24 views

CVE-2022-44566

A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter 7.0.4.1 and 6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric...

CVSS 7.5 | AI score 7.8 | EPSS 0.01265
Exploits: 1 | References: 2

UbuntuCve
added 2023/02/09 8:15 p.m. | 42 views

CVE-2022-44566

A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter 7.0.4.1 and 6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric...

CVSS 7.5 | AI score 6.4 | EPSS 0.01265
Exploits: 1 | References: 3

Prion
added 2023/02/09 8:15 p.m. | 27 views

Design/Logic Flaw

A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter 7.0.4.1 and 6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric...

CVSS 5 | AI score 7.2 | EPSS 0.01265
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2023/02/09 8:15 p.m. | 0 views

UBUNTU-CVE-2022-44566

A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter 7.0.4.1 and 6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric...

CVSS 7.5 | AI score 6.4 | EPSS 0.01265
Exploits: 1 | References: 4

Veracode
added 2023/02/09 9:7 a.m. | 23 views

SQL Injection

Apache Age is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the cypher function allows a malicious user to inject and execute arbitrary SQL queries on the target system due to the failure to fully utilize parameterization. This only impacts PostgreSQL 11 and...

CVSS 8.1 | AI score 8.7 | EPSS 0.00948
Exploits: 0 | References: 3 | Affected Software: 2

GitLab Advisory Database
added 2023/02/09 12:0 a.m. | 26 views

Uncontrolled Resource Consumption

A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter 7.0.4.1 and 6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric...

CVSS 7.5 | AI score 3.4 | EPSS 0.01265
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2023/02/09 12:0 a.m. | 7 views

CVE-2022-44566

A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter 7.0.4.1 and 6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric...

AI score 7.1 | EPSS 0.01265
Exploits: 1 | References: 2

Cvelist
added 2023/02/09 12:0 a.m. | 36 views

CVE-2022-44566

A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter 7.0.4.1 and 6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric...

AI score 7.6 | EPSS 0.01265
Exploits: 1 | References: 2

Kaspersky
added 2023/02/09 12:0 a.m. | 31 views

KLA20223 OSI vulnerability in PostgreSQL

A memory disclosure vulnerability was found in PostgreSQL. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories: PostgreSQL: CVE-2022-41862. Related products: PostgreSQL. CVE list: CVE-2022-41862 (warning). Solution: Update to the latest version. Download...

CVSS 3.7 | AI score 6.5 | EPSS 0.00616
Exploits: 0 | References: 3

PostgreSQL
added 2023/02/09 12:0 a.m. | 59 views

Vulnerability in client (CVE-2022-41862)

Client memory disclosure when connecting, with Kerberos, to modified server. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. When a libpq client application has a Kerberos credential cache and doesn't explicitly disable...

CVSS 3.7 | AI score 6.9 | EPSS 0.00616
Exploits: 0 | References: 1 | Affected Software: 1

OpenVAS
added 2023/02/09 12:0 a.m. | 15 views

Huawei EulerOS: Security Advisory for postgresql-10.5 (EulerOS-SA-2023-1346)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.1 | AI score 7.3 | EPSS 0.00447
Exploits: 0 | References: 2

FreeBSD
added 2023/02/09 12:0 a.m. | 73 views

PostgreSQL server -- Client memory disclosure when connecting, with Kerberos, to modified server.

PostgreSQL Project reports: A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. When a libpq client application has a Kerberos credential cache and doesn't explicitly disable option gssencmode, a server can cause libpq to...

CVSS 3.7 | AI score 3 | EPSS 0.00616
Exploits: 0 | References: 1

Tenable Nessus
added 2023/02/09 12:0 a.m. | 24 views

FreeBSD : PostgreSQL server -- Client memory disclosure when connecting, with Kerberos, to modified server. (7a8b6170-a889-11ed-bbae-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7a8b6170-a889-11ed-bbae-6cc21735f730 advisory. - PostgreSQL Project reports: A modified, unauthenticated server can send an unterminated string during...

CVSS 3.7 | AI score 6.5 | EPSS 0.00616
Exploits: 0 | References: 3

Debian CVE
added 2023/02/09 12:0 a.m. | 36 views

CVE-2022-44566

A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter 7.0.4.1 and 6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric...

CVSS 7.5 | AI score 6 | EPSS 0.01265
Exploits: 1

CVE
added 2023/02/09 12:0 a.m. | 292 views

CVE-2022-44566

CVE-2022-44566 affects Rails’ ActiveRecord PostgreSQL adapter when a value outside the 64-bit signed integer range is provided, causing PostgreSQL to treat the column as numeric and potentially trigger a slow sequential scan leading to DoS. Public details confirm the vulnerability and its impact;...

CVSS 7.5 | AI score 7.2 | EPSS 0.01265
Exploits: 1 | References: 2 | Affected Software: 1

Tenable Nessus
added 2023/02/08 12:0 a.m. | 31 views

EulerOS 2.0 SP8 : postgresql-10.5 (EulerOS-SA-2023-1346)

According to the versions of the postgresql-10.5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Odyssey passes to server unencrypted bytes from man-in-the-middle. When Odyssey is configured to use certificate Common Name for client...

CVSS 8.1 | AI score 7.2 | EPSS 0.00447
Exploits: 0 | References: 3

BDU FSTEC
added 2023/02/08 12:0 a.m. | 1 views

The vulnerability of the PostgreSQL database management system, related to an uncontrolled search path element, allows a perpetrator to enhance their privileges and execute arbitrary commands.

The vulnerability of the PostgreSQL database management system is related to an uncontrolled element in the search path processing when handling the searchpath parameter. Exploiting this vulnerability allows a malicious actor to enhance their privileges and execute arbitrary commands...

CVSS 7.5 | AI score 7.5 | EPSS 0.02235
Exploits: 0 | References: 14 | Affected Software: 6

BDU FSTEC
added 2023/02/08 12:0 a.m. | 3 views

The vulnerability of the Windows installer in the PostgreSQL database management system allows a hacker to increase their privileges and execute arbitrary code.

The vulnerability of the Windows installer in PostgreSQL database management systems is related to incorrect handling of the search path. Exploiting this vulnerability can allow an attacker to increase their privileges and execute arbitrary code...

CVSS 6.7 | AI score 7.5 | EPSS 0.0053
Exploits: 0 | References: 7 | Affected Software: 2

Github Security Blog
added 2023/02/04 9:30 p.m. | 16 views

Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection

There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition t...

CVSS 8.1 | AI score 7.7 | EPSS 0.00948
Exploits: 0 | References: 3 | Affected Software: 2

NVD
added 2023/02/04 9:15 p.m. | 34 views

CVE-2022-45786

There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition t...

CVSS 8.1 | AI score 8.4 | EPSS 0.00948
Exploits: 0 | References: 1