Lucene search
+L

592 matches found

RedHat Linux
RedHat Linux
added 2025/03/20 7:34 a.m.23 views

Important: Red Hat Security Advisory: postgresql:12 security update

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

8.1CVSS7.4AI score0.89914EPSS
Exploits10References2
RedHat Linux
RedHat Linux
added 2025/03/20 7:28 a.m.6 views

postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...

8.1CVSS7.3AI score0.89914EPSS
Exploits10References7
RedHat Linux
RedHat Linux
added 2025/03/20 4:40 a.m.5 views

postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...

8.1CVSS7.3AI score0.89914EPSS
Exploits10References7
OSV
OSV
added 2025/03/20 12:0 a.m.12 views

ALSA-2025:3082 Important: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 For more details about the security issues, including the impact, a CVSS score,...

8.1CVSS7.1AI score0.89914EPSS
Exploits10References4
AlmaLinux
AlmaLinux
added 2025/03/20 12:0 a.m.23 views

Important: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 For more details about the security issues, including the impact, a CVSS score,...

8.1CVSS7.3AI score0.89914EPSS
Exploits10References4
OSV
OSV
added 2025/03/17 8:16 p.m.13 views

RLSA-2025:1738 Important: libpq security update

The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes: postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 For more details about the security...

8.1CVSS8.4AI score0.89914EPSS
Exploits10References2
Rockylinux
Rockylinux
added 2025/03/17 8:16 p.m.7 views

libpq security update

An update is available for libpq. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libpq package provides the PostgreSQL client library, which allows client...

8.1CVSS8.3AI score0.89914EPSS
Exploits10
OSV
OSV
added 2025/03/17 8:16 p.m.15 views

RLSA-2025:1742 Important: postgresql security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 For more details about the security issues, including the impact, a CVSS score,...

8.1CVSS8.4AI score0.89914EPSS
Exploits10References2
OSV
OSV
added 2025/03/12 2:36 p.m.5 views

USN-7348-1 python3.5, python3.8 vulnerabilities

It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered “private” or “globally reachable”. This could possibly result in applications applying incorrect security policies. This issue only affected Ubuntu 14.04 LTS and Ubuntu...

7.8CVSS7.1AI score0.01499EPSS
Exploits0References5
Amazon
Amazon
added 2025/03/06 12:0 a.m.8 views

Important: libpq

Issue Overview: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the...

8.1CVSS8.6AI score0.89914EPSS
Exploits10
Amazon
Amazon
added 2025/03/06 12:0 a.m.7 views

Important: libpq

Issue Overview: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the...

8.1CVSS8.1AI score0.89914EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.11 views

Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2025-016)

The version of postgresql installed on the remote host is prior to 14.17-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2025-016 advisory. Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier,...

8.1CVSS8.2AI score0.89914EPSS
Exploits10References4
Amazon
Amazon
added 2025/03/06 12:0 a.m.6 views

Important: postgresql

Issue Overview: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the...

8.1CVSS8.1AI score0.89914EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.11 views

Amazon Linux 2 : libpq (ALASPOSTGRESQL13-2025-010)

The version of libpq installed on the remote host is prior to 13.20-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL13-2025-010 advisory. Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeStrin...

8.1CVSS8.2AI score0.89914EPSS
Exploits10References4
OSV
OSV
added 2025/03/05 10:59 p.m.6 views

CLSA-2025-1741215546 cups: Fix of CVE-2024-47175

CVE-2024-47175: fixed multiple PPD vulnerabilities by validating inputs, sanitizing strings, quoting localized data, and addressing warnings in cups/ppd-cache.c and scheduler/ipp.c...

9.8CVSS7.1AI score0.62474EPSS
Exploits6References1
OSV
OSV
added 2025/03/03 12:56 p.m.6 views

USN-7315-1 postgresql-12, postgresql-14, postgresql-16 vulnerability

Stephen Fewer discovered that PostgreSQL incorrectly handled quoting syntax in certain scenarios. A remote attacker could possibly use this issue to perform SQL injection attacks...

8.1CVSS7.3AI score0.89914EPSS
Exploits10References2
Tenable Nessus
Tenable Nessus
added 2025/03/03 12:0 a.m.17 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : PostgreSQL vulnerability (USN-7315-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7315-1 advisory. Stephen Fewer discovered that PostgreSQL incorrectly handled quoting syntax in certain scenarios. A remote attacker could possibly...

8.1CVSS8.3AI score0.89914EPSS
Exploits10References2
OSV
OSV
added 2025/02/28 3:34 p.m.8 views

OESA-2025-1228 libpq security update

PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...

8.1CVSS8.1AI score0.89914EPSS
Exploits10References2
OSV
OSV
added 2025/02/28 3:34 p.m.6 views

OESA-2025-1227 libpq security update

PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...

8.1CVSS8.1AI score0.89914EPSS
Exploits10References2
Broadcom
Broadcom
added 2025/02/27 12:0 a.m.9 views

less Vulnerable to Arbitrary Code Execution via OS Command Execution via newline Character in Filename

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the...

8.6CVSS7.2AI score0.00628EPSS
Exploits0
Rows per page
Query Builder