204 matches found

Tenable Nessus
added 2025/05/14 12:0 a.m. | 5 views

Alibaba Cloud Linux 3 : 0036: postgresql:13 (ALINUX3-SA-2023:0036)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0036 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-2625: A vulnerability was found i...

8 CVSS | 6.8 AI score | 0.0152 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2025/05/14 12:0 a.m. | 6 views

Alibaba Cloud Linux 3 : 0017: postgresql:12 (ALINUX3-SA-2021:0017)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0017 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-14349: It was found that PostgreS...

8.8 CVSS | 7.3 AI score | 0.4644 EPSS
Exploits 0 | References 7

Tenable Nessus
added 2025/05/14 12:0 a.m. | 7 views

Alibaba Cloud Linux 3 : 0109: postgresql:13 (ALINUX3-SA-2023:0109)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0109 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-2454: schemaelement defeats...

7.2 CVSS | 6.7 AI score | 0.0119 EPSS
Exploits 0 | References 3

F5 Networks
added 2025/04/23 7:21 a.m. | 30 views

K000150987: PostgreSQL pgAdmin vulnerabilities CVE-2025-2945 and CVE-2025-2946

Security Advisory Description CVE-2025-2945 Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint,...

9.9 CVSS | 9.3 AI score | 0.3842 EPSS
Exploits 7

F5 Networks
added 2025/04/21 3:51 p.m. | 92 views

K000150943: PostgreSQL vulnerabilities CVE-2019-10164, CVE-2020-14349, and CVE-2020-14350

Security Advisory Description CVE-2019-10164 PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often...

9 CVSS | 8.1 AI score | 0.03711 EPSS
Exploits 0

Chainguard
added 2025/03/21 4:12 p.m. | 21 views

CVE-2017-8806 vulnerabilities

Vulnerabilities for packages: postgresql-bitnami-compat, postgresql...

5.5 CVSS | 6.6 AI score | 0.00419 EPSS
Exploits 0

Tenable Nessus
added 2025/03/20 12:0 a.m. | 15 views

Ubuntu 16.04 LTS : PostgreSQL vulnerabilities (USN-7358-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7358-1 advisory. Wolfgang Walther discovered that PostgreSQL incorrectly tracked tables with row security. A remote attacker could possibly use this issue to perform...

8.8 CVSS | 7.6 AI score | 0.04422 EPSS
Exploits 1 | References 5

Ubuntu
added 2025/03/19 12:15 p.m. | 8 views

USN-7358-1: PostgreSQL vulnerabilities

Wolfgang Walther discovered that PostgreSQL incorrectly tracked tables with row security. A remote attacker could possibly use this issue to perform forbidden reads and modifications. CVE-2024-10976 Jacob Champion discovered that PostgreSQL clients used untrusted server error messages. An attacke...

8.8 CVSS | 7 AI score | 0.04422 EPSS
Exploits 1

Amazon
added 2025/03/06 12:0 a.m. | 7 views

Important: libpq

Issue Overview: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the...

8.1 CVSS | 8.8 AI score | 0.89472 EPSS
Exploits 10

F5 Networks
added 2025/03/03 8:19 p.m. | 13 views

K000150206: PostgreSQL vulnerabilities CVE-2019-10211, CVE-2017-7546, and CVE-2015-0244

Security Advisory Description CVE-2019-10211 Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory. CVE-2017-7546 PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerabl...

9.8 CVSS | 8.4 AI score | 0.61566 EPSS
Exploits 0

Rosalinux
added 2025/03/01 9:32 p.m. | 8 views

Advisory ROSA-SA-2025-2743

Software: postgresql14 14.13 OS: ROSA Virtualization 3.0 packageevrstring: postgresql14-14.13-2PGDG.0.1.rv30 CVE-ID: CVE-2023-2454 BDU-ID: 2023-03247 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Schema Handler component of the PostgreSQL database management system is related to access...

8.8 CVSS | 7.9 AI score | 0.04322 EPSS
Exploits 0

Wolfi
added 2025/02/25 3:16 p.m. | 3 views

GHSA-MHW9-X46C-V6Q4 vulnerabilities

Vulnerabilities for packages: postgresql...

7.5 AI score
Exploits 0

Chainguard
added 2025/02/25 1:11 p.m. | 9 views

GHSA-37XW-RPJG-XXFX vulnerabilities

Vulnerabilities for packages: postgresql...

7.3 AI score
Exploits 0

Chainguard
added 2025/02/25 1:11 p.m. | 2 views

GHSA-2R9H-X757-8J9Q vulnerabilities

Vulnerabilities for packages: postgresql...

5.4 AI score
Exploits 0

Chainguard
added 2025/02/25 1:11 p.m. | 3 views

GHSA-37V9-JH5M-F5PG vulnerabilities

Vulnerabilities for packages: postgresql...

5.4 AI score
Exploits 0

Chainguard
added 2025/02/25 1:11 p.m. | 5 views

GHSA-MHW9-X46C-V6Q4 vulnerabilities

Vulnerabilities for packages: postgresql...

5.4 AI score
Exploits 0

CVE
added 2025/02/13 1:0 p.m. | 754 views

CVE-2025-1094

CVE-2025-1094 affects PostgreSQL libpq and related command-line utilities. The issue is improper neutralization of quoting syntax in the libpq APIs PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn(), which can allow SQL injection when the application uses the func...

8.1 CVSS | 8 AI score | 0.89472 EPSS
In wild | Exploits 10 | References 6

F5 Networks
added 2025/02/07 5:59 a.m. | 7 views

K000149702: PostgreSQL vulnerabilities CVE-2024-10977 and CVE-2024-10979

Security Advisory Description CVE-2024-10977 Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a...

8.8 CVSS | 7 AI score | 0.04422 EPSS
Exploits 1

Tenable Nessus
added 2025/02/05 12:0 a.m. | 10 views

Amazon Linux AMI : postgresql92 (ALAS-2025-1959)

The version of postgresql92 installed on the remote host is prior to 9.2.24-3.70. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1959 advisory. While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary...

8.8 CVSS | 8 AI score | 0.04322 EPSS
Exploits 0 | References 6

Rosalinux
added 2025/01/28 7:43 p.m. | 12 views

Advisory ROSA-SA-2025-2666

software: postgresql 15.4 WASP: ROSA-CHROME packageevrstring: postgresql-15.4 CVE-ID: CVE-2023-5868 BDU-ID: 2023-07905 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to the lack of service data protection in function calls with aggregation...

8.8 CVSS | 6.8 AI score | 0.04322 EPSS
Exploits 0