31 matches found
EUVD-2022-5860
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2009-2940
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping...
RHEL 6 : pygresql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - PyGreSQL: Missing a function to call PQescapeStringConn CVE-2009-2940 Note that Nessus has not tested for this issu...
SUSE CVE-2009-2940
The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...
Ubuntu: Security Advisory (USN-870-1)
The remote host is missing an update for the...
GHSA-XV6X-43GQ-4HFJ PyGreSQL Might Be Vulnerable to Encoding-Based SQL Injection
PyGreSQL 3.8 did not use PostgreSQL’s safe string and bytea functions in its own escaping functions. As a result, applications written to use PyGreSQL’s escaping functions are vulnerable to SQL injections when processing certain multi-byte character sequences. Because the safe functions require a...
PyGreSQL Might Be Vulnerable to Encoding-Based SQL Injection
PyGreSQL 3.8 did not use PostgreSQL’s safe string and bytea functions in its own escaping functions. As a result, applications written to use PyGreSQL’s escaping functions are vulnerable to SQL injections when processing certain multi-byte character sequences. Because the safe functions require a...
Debian DSA-1911-1 : pygresql - missing escape function
It was discovered that pygresql, a PostgreSQL module for Python, was missing a function to call PQescapeStringConn. This is needed, because PQescapeStringConn honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The new...
USN-870-1: PyGreSQL vulnerability
Steffen Joeris discovered that PyGreSQL 3.8 did not use PostgreSQL's safe string and bytea functions in its own escaping functions. As a result, applications written to use PyGreSQL's escaping functions are vulnerable to SQL injections when processing certain multi-byte character sequences. Becau...
Ubuntu 8.04 LTS / 8.10 : pygresql vulnerability (USN-870-1)
Steffen Joeris discovered that PyGreSQL 3.8 did not use PostgreSQL's safe string and bytea functions in its own escaping functions. As a result, applications written to use PyGreSQL's escaping functions are vulnerable to SQL injections when processing certain multi-byte character sequences. Becau...
DEBIAN-CVE-2009-2940
The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...
Code injection
The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...
redshift-query (>=0.0.1 <=0.1.4) potentially affected by CVE-2009-2940 via pygresql (=5.2.5)
pygresql PYPI version =5.2.5 is affected by a known vulnerability. The following packages have a transitive dependency on pygresql and may be impacted: - redshift-query >=0.0.1, <=0.1.4 Source cves: CVE-2009-2940 Source advisory: OSV:PYSEC-2009-18...
PYSEC-2009-18
The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...
CVE-2009-2940
The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...
CVE-2009-2940
The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...
PYSEC-2009-18
The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...
aepp (>=0.0.5 <=0.2.0), brian-lib (>=0.1.2 <=0.2.6) +5 more potentially affected by CVE-2009-2940 via pygresql (>=6.0.0 <=6.2.3)
pygresql PYPI version =6.0.0, =0.0.5, =0.1.2, =0.0.2, =0.0.4, =0.0.2, =0.0.2, =0.0.2, =0.0.9 Source cves: CVE-2009-2940 Source advisory: OSV:PYSEC-2009-18...
CVE-2009-2940
The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...
CVE-2009-2940
The CVE-2009-2940 entry concerns the PyGreSQL (pygresql) module for Python, specifically versions 3.8.1 and 4.0. The vulnerability stems from improper support for PostgreSQL’s PQescapeStringConn, which may allow an attacker to exploit escaping issues involving multibyte character encodings. Impac...