CVE-2024-7348
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
DEBIAN-CVE-2024-7348
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
CVE-2024-7348 PostgreSQL relation replacement during pg_dump executes arbitrary SQL
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
CVE-2024-7348
TOCTOU race in pg_dump (CVE-2024-7348) allows the object creator to run arbitrary SQL functions as the pg_dump user (often a superuser) by replacing a relation type with a view or foreign table. The attack requires waiting for pg_dump to start; success is facilitated if an open transaction is hel...
PostgreSQL -- Prevent unauthorized code execution during pg_dump
PostgreSQL project reports: An attacker able to create and drop non-temporary objects could inject SQL code that would be executed by a concurrent pg_dump session with the privileges of the role running pg_dump, which is often a superuser. The attack involves replacing a sequence or similar object...
PostgreSQL Security Vulnerability
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL due to a competing...
KLA71453 ACE vulnerability in PostgreSQL
Time-of-check Time-of-use (TOCTOU) race condition vulnerability was found in PostgreSQL. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories: PostgreSQL: CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. Related products...
FreeBSD : PostgreSQL -- Prevent unauthorized code execution during pg_dump (48e6d514-5568-11ef-af48-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 48e6d514-5568-11ef-af48-6cc21735f730 advisory. PostgreSQL project reports: An attacker able to create and drop non-temporary objects could inject SQL...
Vulnerability in core server (CVE-2024-7348)
PostgreSQL relation replacement during pg_dump executes arbitrary SQL. Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another...
PostgreSQL: Multiple Vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...
PT-2024-5504 · Unknown +11 · Postgresql +10
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 16.4 PostgreSQL versions prior to 15.8 PostgreSQL versions prior to 14.13 PostgreSQL versions prior to 13.16 PostgreSQL versions prior to 12.20 Description: A Time-of-check Time-of-use TOCTOU race condition in pg...
GLSA-202408-06 : PostgreSQL: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202408-06 PostgreSQL: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block...
ROS-20240807-07
Vulnerability in implementation of PreparedStatement.setText or PreparedStatement.setBytea methods of JDBC driver PgJDBC methods for connecting Java programs to a PostgreSQL database is related to unsafe temporary files. Exploitation of the vulnerability could allow an attacker to disclose...
pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE
A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value...
Important: Red Hat Security Advisory: Red Hat Integration Camel K 1.10.7 release and security update.
Red Hat Integration Camel K 1.10.7 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...