
558 matches found

Tenable Nessus
added 2025/05/14 12:0 a.m. | 11 views

Alibaba Cloud Linux 3 : 0171: postgresql:13 (ALINUX3-SA-2024:0171)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0171 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-7348: Time-of-check Time-of-use (TOCTOU) rac...

CVSS 8.8 | AI score 7.7 | EPSS 0.01565
Exploits: 0 | References: 2

Tenable Nessus
added 2025/05/14 12:0 a.m. | 6 views

Alibaba Cloud Linux 3 : 0036: libpq (ALINUX3-SA-2025:0036)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0036 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-1094: Improper neutralization of quoting...

CVSS 8.1 | AI score 8.1 | EPSS 0.89472
Exploits: 10 | References: 2

Tenable Nessus
added 2025/05/09 12:0 a.m. | 2 views

Debian dla-4159 : libecpg-compat3 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4159 advisory. Debian LTS Advisory DLA-4159-1 https://www.debian.org/lts/security/...

CVSS 5.9 | AI score 6.6 | EPSS 0.00612
Exploits: 0 | References: 4

OpenVAS
added 2025/05/09 12:0 a.m. | 14 views

PostgreSQL DoS Vulnerability (Feb 2025) - Linux

PostgreSQL is prone to a denial of service (DoS) vulnerability due to a buffer over-read. ...

CVSS 5.9 | AI score 5.8 | EPSS 0.00612
Exploits: 0 | References: 3

OSV
added 2025/05/08 3:15 p.m. | 6 views

AZL-61739 CVE-2025-4207 affecting package postgresql for versions less than 14.18-1

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13,...

CVSS 5.9 | AI score 7.2 | EPSS 0.00612
Exploits: 0 | References: 1

OSV
added 2025/05/08 3:15 p.m. | 9 views

CVE-2025-4207

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13,...

CVSS 5.9 | AI score 5.6 | EPSS 0.00612
Exploits: 0 | References: 3

AlpineLinux
added 2025/05/08 2:22 p.m. | 4 views

CVE-2025-4207

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13,...

CVSS 5.9 | AI score 7.2 | EPSS 0.00612
Exploits: 0

CNNVD
added 2025/05/08 12:0 a.m. | 3 views

PostgreSQL Security Vulnerability

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL, which stems from a...

CVSS 5.9 | AI score 7.1 | EPSS 0.00612
Exploits: 0 | References: 2

Kaspersky
added 2025/05/08 12:0 a.m. | 13 views

KLA83544 DoS vulnerability in PostgreSQL

Buffer over-read vulnerability was found in PostgreSQL. Malicious users can exploit this vulnerability to cause denial of service. Original advisories PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation Related products PostgreSQL CVE lis...

CVSS 5.9 | AI score 6.1 | EPSS 0.00612
Exploits: 0 | References: 3

Positive Technologies
added 2025/05/08 12:0 a.m. | 23 views

PT-2025-20383

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 17.5, 16.9, 15.13, 14.18, and 13.21 Description The vulnerability is related to a buffer over-read in PostgreSQL's GB18030 encoding validation. This issue allows a database input provider to achieve temporary denia...

CVSS 8.8 | AI score 6.8 | EPSS 0.00709
Exploits: 1 | References: 187

Tenable Nessus
added 2025/05/07 12:0 a.m. | 7 views

RockyLinux 8 : postgresql:15 (RLSA-2025:1739)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:1739 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...

CVSS 8.1 | AI score 8 | EPSS 0.89472
Exploits: 10 | References: 3

Ubuntu
added 2025/04/30 11:54 a.m. | 14 views

USN-7315-2: PostgreSQL vulnerability

USN-7315-1 fixed a vulnerability in PostgreSQL. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Stephen Fewer discovered that PostgreSQL incorrectly handled quoting syntax in certain scenarios. A remote attacker could possibly use this issue to perfo...

CVSS 8.1 | AI score 8.1 | EPSS 0.89472
Exploits: 10

F5 Networks
added 2025/04/29 7:1 p.m. | 12 views

K000151082: PostgreSQL vulnerability CVE-2021-32027

Security Advisory Description A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory...

CVSS 8.8 | AI score 8.2 | EPSS 0.02046
Exploits: 0 | Affected Software: 12

Tenable Nessus
added 2025/04/29 12:0 a.m. | 10 views

F5 Networks BIG-IP : PostgreSQL vulnerability (K000151082)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000151082 advisory. A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While...

CVSS 8.8 | AI score 7.3 | EPSS 0.02046
Exploits: 0 | References: 2

Tenable Nessus
added 2025/04/28 12:0 a.m. | 53 views

Tenable Security Center SQLI (TNS-2025-06)

According to its self-reported version, the Tenable Security Center running on the remote host is version 6.5.0 or 6.5.1. It is, therefore, affected by a vulnerability as referenced in the TNS-2025-06 advisory. - Improper neutralization of quoting syntax in PostgreSQL libpq functions...

CVSS 8.1 | AI score 8.2 | EPSS 0.89472
Exploits: 10 | References: 3

Rosalinux
added 2025/04/11 9:55 p.m. | 7 views

Advisory ROSA-SA-2025-2828

Software: postgresql14 14.16 OS: ROSA Virtualization 3.0 packageevrstring: postgresql14-14.16-1PGDG.rv30 CVE-ID: CVE-2024-10976 BDU-ID: 2024-09684 CVE-Crit: LOW CVE-DESC.: A vulnerability in the CREATE POLICY row-protected table security policy of the PostgreSQL database management system is...

CVSS 8.8 | AI score 9.2 | EPSS 0.89472
Exploits: 11

Rosalinux
added 2025/04/11 9:22 p.m. | 10 views

Advisory ROSA-SA-2025-2788

Software: postgresql 9.2.24 OS: rosa-server79 packageevrstring: postgresql-9.2.24-9.0.4.res7 CVE-ID: CVE-2023-5869 BDU-ID: 2023-07840 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the arrayappend, arrayprepend, arraysubscripthandler functions of the PostgreSQL database management system is related...

CVSS 8.8 | AI score 9.2 | EPSS 0.04422
Exploits: 1

IBM Security Bulletins
added 2025/04/11 4:51 p.m. | 18 views

Security Bulletin: IBM Sterling Connect:Direct Web Services 6.1 is affected by PostgreSQL vulnerability.

Summary IBM Connect:Direct Web Services uses PostgreSQL and is vulnerable to CVE-2025-1094. Vulnerability Details CVEID:CVE-2025-1094 DESCRIPTION: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn...

CVSS 8.1 | AI score 7.9 | EPSS 0.89472
Exploits: 10 | Affected Software: 1

F5 Networks
added 2025/04/07 6:6 p.m. | 5 views

K000150746: PostgreSQL vulnerabilities CVE-2021-32028 and CVE-2021-32029

Security Advisory Description CVE-2021-32028 A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data...

CVSS 6.5 | AI score 6.7 | EPSS 0.01449
Exploits: 0

F5 Networks
added 2025/04/07 5:51 p.m. | 8 views

K000150744: PostgreSQL vulnerability CVE-2025-1094

Security Advisory Description Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requir...

CVSS 8.1 | AI score 8.5 | EPSS 0.89472
Exploits: 10