Lucene search
K

CVE-2024-7348

🗓️ 08 Aug 2024 13:00:02Reported by Debian Security Bug TrackerType 
debiancve
 debiancve
🔗 security-tracker.debian.org👁 16 Views

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump allows object creator to execute arbitrary SQL functions as user running, often a superuser. Attack involves replacing relation type with view or foreign table. Requires waiting for pg_dump to start, but winning the race condition is trivial if attacker retains open transaction. Affected versions: PostgreSQL 16.4, 15.8, 14.13, 13.16, 12.2

Related
Packages
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: Vulnerability in PostgreSQL affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
11 Mar 202516:17
ibm
IBM Security Bulletins
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by PostgreSQL TOCTOU vulnerability
12 Nov 202405:42
ibm
IBM Security Bulletins
Security Bulletin: There are multiple vulnerabilities that can affect IBM Storage Scale System that are now included
22 Oct 202420:24
ibm
IBM Security Bulletins
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
26 Mar 202504:11
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities Affected for EDB
21 Jul 202513:52
ibm
IBM Security Bulletins
Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities
27 Feb 202509:34
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
15 Apr 202503:03
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities Affected for EDB
21 Jul 202513:54
ibm
IBM Security Bulletins
Security Bulletin: The Network Threat Analytics App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
24 Mar 202618:22
ibm
IBM Security Bulletins
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to various issues in postgresql
31 Oct 202518:37
ibm
Rows per page
OSOS VersionArchitecturePackagePackage VersionFilename
Debian11anypostgresql-1313.16-0+deb11u1postgresql-13_13.16-0+deb11u1_any.deb
Debian12anypostgresql-1515.8-0+deb12u1postgresql-15_15.8-0+deb12u1_any.deb

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

08 Aug 2024 13:00Current
8.4High risk
Vulners AI Score8.4
CVSS 3.17.5 - 8.8
EPSS0.01565
SSVC
16