Lucene search
K

195 matches found

Vulnrichment
Vulnrichment
•added 2024/08/08 1:0 p.m.•40 views

CVE-2024-7348 PostgreSQL relation replacement during pg_dump executes arbitrary SQL

Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

8.8CVSS7.7AI score0.01565EPSS
Exploits0References1
CVE
CVE
•added 2024/08/08 1:0 p.m.•394 views

CVE-2024-7348

TOCTOU race in pg_dump (CVE-2024-7348) allows the object creator to run arbitrary SQL functions as the pg_dump user (often a superuser) by replacing a relation type with a view or foreign table. The attack requires waiting for pg_dump to start; success is facilitated if an open transaction is hel...

8.8CVSS9AI score0.01565EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
•added 2024/08/08 1:0 p.m.•16 views

CVE-2024-7348

Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

8.8CVSS8.4AI score0.01565EPSS
Exploits0
Cvelist
Cvelist
•added 2024/08/08 1:0 p.m.•43 views

CVE-2024-7348 PostgreSQL relation replacement during pg_dump executes arbitrary SQL

Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

8.8CVSS0.01565EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2024/08/08 1:0 p.m.•22 views

CVE-2024-7348

Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

8.8CVSS8.2AI score0.01565EPSS
Exploits0
Tenable Nessus
Tenable Nessus
•added 2024/08/08 12:0 a.m.•33 views

FreeBSD : PostgreSQL -- Prevent unauthorized code execution during pg_dump (48e6d514-5568-11ef-af48-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 48e6d514-5568-11ef-af48-6cc21735f730 advisory. PostgreSQL project reports: An attacker able to create and drop non-temporary objects could inject SQL...

8.8CVSS7.7AI score0.01565EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2024/08/08 12:0 a.m.•27 views

PostgreSQL -- Prevent unauthorized code execution during pg_dump

PostgreSQL project reports: An attacker able to create and drop non-temporary objects could inject SQL code that would be executed by a concurrent pgdump session with the privileges of the role running pgdump which is often a superuser. The attack involves replacing a sequence or similar object...

8.8CVSS8.1AI score0.01565EPSS
Exploits0References1
PostrgeSql
PostrgeSql
•added 2024/08/08 12:0 a.m.•278 views

Vulnerability in core server (CVE-2024-7348)

PostgreSQL relation replacement during pgdump executes arbitrary SQL Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another...

8.8CVSS8.1AI score0.01565EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
•added 2024/06/03 12:0 a.m.•21 views

RHEL 6 : postgresql (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - postgresql: Start scripts permit database administrator to modify root-owned files CVE-2017-15097 -...

8.8CVSS7.7AI score0.14142EPSS
Exploits2References8
Tenable Nessus
Tenable Nessus
•added 2024/04/27 12:0 a.m.•20 views

RHEL 7 : rh-postgresql10-postgresql (RHSA-2018:3757)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:3757 advisory. PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstream version:...

9.8CVSS7.9AI score0.0515EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
•added 2023/10/04 12:0 a.m.•27 views

Fedora 38 : pgadmin4 (2023-8cc61c8b14)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8cc61c8b14 advisory. Backport fix for CVE-2023-5002. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

8.8CVSS7.9AI score0.0147EPSS
Exploits0References2
Veracode
Veracode
•added 2023/09/27 8:51 a.m.•27 views

Remote Code Execution

pgadmin4 is vulnerable to Remote Code Execution. The vulnerability is caused by a missing validation in the pgAdmin server HTTP API - validatebinarypath that is used to validate the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. This can result in an...

8.8CVSS7.7AI score0.0147EPSS
Exploits0References6Affected Software1
OSV
OSV
•added 2023/09/22 3:30 p.m.•27 views

GHSA-GHP8-52VX-77J4 pgAdmin failed to properly control the server code

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. Versions of pgAdmin prior to 7.7 failed to properly control the server code executed on this API, allowing an...

6CVSS7.1AI score0.0147EPSS
Exploits0References7
Github Security Blog
Github Security Blog
•added 2023/09/22 3:30 p.m.•28 views

pgAdmin failed to properly control the server code

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. Versions of pgAdmin prior to 7.7 failed to properly control the server code executed on this API, allowing an...

8.8CVSS7.1AI score0.0147EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
•added 2023/09/22 1:31 p.m.•43 views

CVE-2023-5002 Pgadmin4: remote code execution by an authenticated user

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...

6CVSS8.9AI score0.0147EPSS
Exploits0References4
CVE
CVE
•added 2023/09/22 1:31 p.m.•2578 views

CVE-2023-5002

CVE-2023-5002 affects pgAdmin’s server HTTP API where path validation for external PostgreSQL utilities (e.g., pg_dump/pg_restore) was insufficient. An authenticated user could cause the server to execute arbitrary commands due to improper control of server-side code. Reports across multiple sour...

8.8CVSS7.2AI score0.0147EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
•added 2023/09/22 1:31 p.m.•19 views

CVE-2023-5002 Pgadmin4: remote code execution by an authenticated user

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...

6CVSS6.9AI score0.0147EPSS
Exploits0References4
Broadcom
Broadcom
•added 2023/05/19 12:0 a.m.•41 views

CVE-2018-16850 - SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER ... REFERENCING.

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.More at:...

8CVSS9.6AI score0.0515EPSS
Exploits0
Prion
Prion
•added 2023/03/27 9:15 p.m.•24 views

Design/Logic Flaw

GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0, if the server environment is not correctly configured by administrators to provide access to the relevant PostgreSQL or MySQL backup tools, the credentials for database access may be unintentionally...

1.4CVSS4.9AI score0.00254EPSS
Exploits0References4Affected Software1
OSV
OSV
•added 2022/12/13 6:30 p.m.•158 views

GHSA-3V6V-2X6P-32MC pgadmin4 vulnerable to Code Injection

The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to...

8.8CVSS8.5AI score0.79933EPSS
Exploits0References5
Rows per page
Query Builder