13 matches found
MiracleLinux 7 : postgresql-9.2.24-9.0.3.el7.AXS7 (AXSA:2025-9699:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9699:03 advisory. PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to...
Advisory ROSA-SA-2025-2743
Software: postgresql14 14.13; OS: ROSA Virtualization 3.0; packageevrstring: postgresql14-14.13-2PGDG.0.1.rv30; CVE-ID: CVE-2023-2454; BDU-ID: 2023-03247; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the Schema Handler component of the PostgreSQL database management system is related to access...
Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2024-012)
The version of postgresql installed on the remote host is prior to 14.13-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2024-012 advisory. Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary...
Amazon Linux 2 : libpq (ALASPOSTGRESQL12-2024-012)
The version of libpq installed on the remote host is prior to 12.20-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL12-2024-012 advisory. Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL...
Amazon Linux 2 : postgresql (ALASPOSTGRESQL12-2024-011)
The version of postgresql installed on the remote host is prior to 12.20-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL12-2024-011 advisory. Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary...
GLSA-202409-02 : PostgreSQL: Privilege Escalation
The remote host is affected by the vulnerability described in GLSA-202409-02 (PostgreSQL: Privilege Escalation). A vulnerability has been discovered in PostgreSQL. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the...
SUSE-SU-2024:3169-1 Security update for postgresql16
This update for postgresql16 fixes the following issues: - Upgrade to 14.13 bsc1229013 - CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. bsc1229013...
SUSE-SU-2024:3154-1 Security update for postgresql16
This update for postgresql16 fixes the following issues: - Upgrade to 14.13 bsc1229013 - CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. bsc1229013...
OESA-2024-1977 postgresql security update
PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...
CVE-2024-7348
A vulnerability was found in PostgreSQL. A race condition in pg_dump allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the R...
CVE-2024-7348
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
CVE-2024-7348 PostgreSQL relation replacement during pg_dump executes arbitrary SQL
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
Cforms & CformsII < 14.13 - SQL Injection
...