13313 matches found

Vulnrichment
• added 2025/08/14 1:00 p.m. • 4 views

CVE-2025-8713 PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table

PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this...

CVSS 3.1 • AI score 7 • EPSS 0.00205
Exploits 0 • References 1

CNNVD
• added 2025/08/14 12:00 a.m. • 4 views

PostgreSQL security vulnerability

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL versions 17.6, 16.10,...

CVSS 8.8 • AI score 8.1 • EPSS 0.00385
Exploits 0 • References 2

CNNVD
• added 2025/08/14 12:00 a.m. • 2 views

PostgreSQL security vulnerability

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL versions 17.6, 16.10,...

CVSS 3.1 • AI score 7.8 • EPSS 0.00205
Exploits 0 • References 3

CNNVD
• added 2025/08/14 12:00 a.m. • 1 views

PostgreSQL security vulnerability

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL versions 17.6, 16.10,...

CVSS 8.8 • AI score 8.1 • EPSS 0.00709
Exploits 1 • References 2

Kaspersky
• added 2025/08/14 12:00 a.m. • 5 views

KLA86660 Multiple vulnerabilities in PostgreSQL

Multiple vulnerabilities were found in PostgreSQL. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. Security vulnerability can be exploited to bypass security restrictions an...

CVSS 8.8 • AI score 9.2 • EPSS 0.00709
Exploits 1 • References 5

OSV
• added 2025/08/14 12:00 a.m. • 5 views

DLA-4273-1 postgresql-13 - security update

Bulletin has no description...

CVSS 8.8 • AI score 7.2 • EPSS 0.00709
Exploits 1

PostgreSQL
• added 2025/08/14 12:00 a.m. • 35 views

Vulnerability in core server (CVE-2025-8714)

PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client. Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to...

CVSS 8.8 • AI score 7.3 • EPSS 0.00709
Exploits 1 • References 1 • Affected Software 1

PostgreSQL
• added 2025/08/14 12:00 a.m. • 31 views

Vulnerability in core server (CVE-2025-8713)

PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table. PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intende...

CVSS 3.1 • AI score 6.6 • EPSS 0.00205
Exploits 0 • References 1 • Affected Software 1

PostgreSQL
• added 2025/08/14 12:00 a.m. • 72 views

Vulnerability in core server (CVE-2025-8715)

PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server. Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account...

CVSS 8.8 • AI score 7 • EPSS 0.00385
Exploits 0 • References 1 • Affected Software 1

Tenable Nessus
• added 2025/08/14 12:00 a.m. • 3 views

Debian dla-4273 : libecpg-compat3 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4273 advisory. Debian LTS Advisory DLA-4273-1...

CVSS 8.8 • AI score 7.9 • EPSS 0.0256
Exploits 1 • References 10

Tenable Nessus
• added 2025/08/14 12:00 a.m. • 4 views

FreeBSD : PostgreSQL -- vulnerabilities (fc048b51-7909-11f0-90a2-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the fc048b51-7909-11f0-90a2-6cc21735f730 advisory. PostgreSQL project reports: Tighten security checks in planner estimation functions. Prevent...

CVSS 8.8 • AI score 7.7 • EPSS 0.00709
Exploits 1 • References 5

Positive Technologies
• added 2025/08/13 12:00 a.m. • 3 views

PT-2025-33267

Name of the Vulnerable Software and Affected Versions: PostgreSQL (affected versions not specified). Description: The PostgreSQL optimizer statistics feature can expose sampled data within a view, partition, or child table. This allows a user to read sampled data that they would not normally have...

CVSS 8.8 • AI score 7.7 • EPSS 0.0256
Exploits 1 • References 139

Positive Technologies
• added 2025/08/13 12:00 a.m. • 7 views

PT-2025-33268

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 17.6; PostgreSQL versions prior to 16.10; PostgreSQL versions prior to 15.14; PostgreSQL versions prior to 14.19; PostgreSQL versions prior to 13.22. Description: The vulnerability relates to untrusted data inclusion...

CVSS 10 • AI score 7.9 • EPSS 0.89472
Exploits 12 • References 158

Positive Technologies
• added 2025/08/13 12:00 a.m. • 13 views

PT-2025-33269

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 17.6; PostgreSQL versions prior to 16.10; PostgreSQL versions prior to 15.14; PostgreSQL versions prior to 14.19; PostgreSQL versions prior to 13.22. Description: Improper neutralization of newlines in pg_dump allows a...

CVSS 10 • AI score 8.2 • EPSS 0.0256
Exploits 1 • References 217

Tenable Nessus
• added 2025/08/12 12:00 a.m. • 3 views

SUSE SLES15 Security Update : postgresql16 (SUSE-SU-2025:01782-2)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01782-2 advisory. Upgrade to 16.9: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation...

CVSS 5.9 • AI score 6.7 • EPSS 0.00612
Exploits 0 • References 4

Tenable Nessus
• added 2025/08/12 12:00 a.m. • 8 views

SUSE SLES15 Security Update : postgresql14 (SUSE-SU-2025:01786-2)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01786-2 advisory. Upgrade to 14.18: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validatio...

CVSS 5.9 • AI score 6.7 • EPSS 0.00612
Exploits 0 • References 4

OSV
• added 2025/08/11 1:54 p.m. • 2 views

BIT-LIBPHP-2025-1735 pgsql extension does not check for errors during escaping

In PHP versions: 8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

CVSS 7.5 • AI score 7.2 • EPSS 0.00953
Exploits 0 • References 4

OSV
• added 2025/08/11 1:53 p.m. • 5 views

BIT-LIBPHP-2022-31625 Freeing unallocated memory in php_pgsql_free_params()

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...

CVSS 8.1 • AI score 7.2 • EPSS 0.03437
Exploits 1 • References 8

SUSE Linux
• added 2025/08/11 12:43 p.m. • 5 views

Security update for postgresql14

This update for postgresql14 fixes the following issues: Upgrade to 14.18: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931. Patch Instructions: To install this SUSE update use the SUSE recommended...

CVSS 5.9 • AI score 6.8 • EPSS 0.00612
Exploits 0 • References 4

OSV
• added 2025/08/11 12:43 p.m. • 2 views

SUSE-SU-2025:01786-2 Security update for postgresql14

This update for postgresql14 fixes the following issues: Upgrade to 14.18: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931...

CVSS 5.9 • AI score 5.8 • EPSS 0.00612
Exploits 0 • References 3