RockyLinux 8 : postgresql:13 (RLSA-2025:1736)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:1736 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...

RockyLinux 8 : libpq (RLSA-2025:1737)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:1737 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...

Amazon Linux 2 : postgresql (ALAS-2025-2764)

The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2764 advisory. Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive proce...

RockyLinux 9 : postgresql:15 (RLSA-2025:1741)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:1741 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...

RockyLinux 9 : postgresql:16 (RLSA-2025:1743)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:1743 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...

AlmaLinux 8 : postgresql:16 (ALSA-2025:1740)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:1740 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...

K000149918: PostgresQL vulnerability CVE-2021-3677

Security Advisory Description A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server...

AlmaLinux 9 : libpq (ALSA-2025:1738)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:1738 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...

Oracle Linux 8 : postgresql:16 (ELSA-2025-1740)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1740 advisory. pgaudit 16.0-1 - Update to 16.0 - Support postgresql 16 - Initial import for PG 16 module - Resolves: RHEL-3636 pgrepack 1.5.1-1 - Update to 1.5.1...

CBL Mariner 2.0 Security Update: postgresql (CVE-2025-1094)

The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1094 advisory. - Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral,...

AlmaLinux 9 : postgresql:15 (ALSA-2025:1741)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:1741 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...

Azure Linux 3.0 Security Update: postgresql (CVE-2025-1094)

The version of postgresql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1094 advisory. - Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral,...

RHEL 8 : postgresql:13 (RHSA-2025:1736)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1736 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL quoting APIs miss neutralizing...

RHEL 9 : postgresql (RHSA-2025:1726)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1726 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL quoting APIs miss neutralizing...

RHEL 9 : postgresql (RHSA-2025:1742)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1742 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL quoting APIs miss neutralizing...

RHEL 8 : postgresql:13 (RHSA-2025:1729)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1729 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL quoting APIs miss neutralizing...

RHEL 9 : postgresql:16 (RHSA-2025:1731)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1731 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL quoting APIs miss neutralizing...

PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access PRA and Remote Support RS products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability,...

Azure Linux 3.0 Security Update: postgresql (CVE-2024-4317)

The version of postgresql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4317 advisory. - Missing authorization in PostgreSQL built-in views pgstatsext and pgstatsextexprs allows an unprivileged...

CVE-2025-1094

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...