postgresql: CREATE STATISTICS does not check for schema CREATE privilege

A vulnerability has been identified in PostgreSQL’s CREATE STATISTICS command where the database does not check that the user has the required schema CREATE privilege. A table owner user could create a statistics object in any schema, blocking other users who legitimately hold CREATE STATISTICS...

postgresql: libpq: libpq undersizes allocations, via integer wraparound

A vulnerability has been identified in PostgreSQL’s libpq client library, where integer wraparound in several allocation-size calculations allows a peer or input provider to cause an undersized buffer and then write out-of-bounds by hundreds of megabytes. This can lead to a client application...

Moderate: Red Hat Security Advisory: postgresql:15 security update

An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...

openSUSE 15 Security Update : postgresql13 (SUSE-SU-2025:4325-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4325-1 advisory. Upgraded to 13.23: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 - CVE-2025-12818: Fixed...

RHEL 9 : postgresql:15 (RHSA-2025:23023)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23023 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: CREATE STATISTICS does not check f...

📄 Redash Authenticated Remote Command Execution

Redash’s default setup uses PostgreSQL superuser credentials for its primary data source. Because users can run SQL through Redash, any authenticated account gains excessive control over the database. This allows executing system commands on the database server through PostgreSQL’s COPY FROM...

RHEL 9 : postgresql:15 (RHSA-2025:23022)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23022 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: CREATE STATISTICS does not check f...

SUSE SLES12 Security Update : postgresql13 (SUSE-SU-2025:4334-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4334-1 advisory. Upgraded to 13.23: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 - CVE-2025-12818:...

Security update for postgresql13

This update for postgresql13 fixes the following issues: Upgraded to 13.23: CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: Use...

SUSE-SU-2025:4334-1 Security update for postgresql13

This update for postgresql13 fixes the following issues: Upgraded to 13.23: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: - Use...

CLSA-2025-1765287627 Update of postgresql

Bump release to 9.2.24-9.0.3.tuxcare.els1...

Security Bulletin: IBM Datapower Operations Dashboard could allow allow a man-in-the-middle attacker to intercept connections CVE-2025-49146

Summary postgresql is used in KeyCloak which is used by the IBM Datapower Operations Dashboard for authentication and authorization Vulnerability Details CVEID:CVE-2025-49146 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC drive...

K000158118: PostgreSQL vulnerabilities CVE-2025-8713, CVE-2025-8715

Security Advisory Description CVE-2025-8713 PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables...

Amazon Linux 2023 : libpq, libpq-devel (ALAS2023-2025-1299)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1299 advisory. Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundre...

Amazon Linux 2023 : postgresql15, postgresql15-contrib, postgresql15-llvmjit (ALAS2023-2025-1313)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1313 advisory. Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE...

Amazon Linux 2023 : postgresql16, postgresql16-contrib, postgresql16-llvmjit (ALAS2023-2025-1314)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1314 advisory. Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE...

Amazon Linux 2023 : postgresql17, postgresql17-contrib, postgresql17-llvmjit (ALAS2023-2025-1300)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1300 advisory. Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE...

Security update for postgresql13

This update for postgresql13 fixes the following issues: Upgraded to 13.23: CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: Use...

SUSE-SU-2025:4325-1 Security update for postgresql13

This update for postgresql13 fixes the following issues: Upgraded to 13.23: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: - Use...

Medium: postgresql16

Issue Overview: Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail...