Vendor
PostgreSQL JDBC Driver Vulnerability Allows Denial of Service
2 rules 1 TTP
A remote, anonymous attacker can exploit a vulnerability in the PostgreSQL JDBC Driver to perform a denial-of-service attack, impacting availability.
Multiple Vulnerabilities in PostgreSQL Allow for Remote Code Execution and Data Breach
2 rules 6 TTPs 4 CVEs
Multiple vulnerabilities in PostgreSQL versions 14.x, 15.x, 16.x, 17.x and 18.x could allow for arbitrary code execution, remote denial of service, and data breach, potentially leading to complete system compromise.
Multiple Vulnerabilities in PostgreSQL Allow for Remote Code Execution, Denial of Service, and Information Disclosure
2 rules 3 TTPs
Multiple vulnerabilities in PostgreSQL could be exploited by an attacker to execute arbitrary code, conduct a denial of service attack, disclose information, manipulate files, conduct a SQL injection attack, and bypass security measures.
Kysely JSON-path Injection Vulnerability
2 rules 1 TTP 1 CVE
A JSON-path traversal injection vulnerability exists in Kysely versions prior to 0.28.16, allowing attackers to traverse JSON sub-fields outside the intended scope, potentially leading to unauthorized read and write access to sensitive data in MySQL, PostgreSQL, and SQLite databases due to insufficient sanitization of JSON-path metacharacters in the `JSONPathBuilder.key()` and `.at()` functions.
pgjdbc SCRAM Authentication CPU Exhaustion DoS
2 rules 1 TTP 1 CVE
pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication, where a malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count, leading to CPU exhaustion.