CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2024/11/08 12:0 a.m.•16 views

RHEL 8 : postgresql:12 (RHSA-2024:6000)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6000 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdum...

Tenable Nessus•added 2024/11/07 12:0 a.m.•13 views

RHEL 8 : postgresql:13 (RHSA-2024:6018)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6018 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdum...

Tenable Nessus•added 2024/11/07 12:0 a.m.•5 views

RHEL 8 : postgresql:12 (RHSA-2024:6138)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6138 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdum...

Tenable Nessus•added 2024/11/07 12:0 a.m.•10 views

RHEL 9 : postgresql:16 (RHSA-2024:5929)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5929 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL pgstatsext and...

8.8CVSS7.3AI score0.00764EPSS

Exploits0References5

VulnCheck KEV•added 2024/10/31 12:0 a.m.•0 views

VulnCheck KEV: CVE-2020-29574

CyberoamOS CROS contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely...

9.8CVSS7.6AI score0.10073EPSS

Exploits0References1

Positive Technologies•added 2024/10/30 12:0 a.m.•1 views

PT-2024-33193 · Sas · Sas Studio

Name of the Vulnerable Software and Affected Versions: SAS Studio version 9.4 Description: A SQL injection issue exists in the /SASStudio/sasexec/sessions/sessionID/sql endpoint of SAS Studio, allowing a remote attacker to execute arbitrary SQL commands via the POST body request. This issue is...

8.8CVSS8.3AI score0.16061EPSS

Exploits0References5

Tenable Nessus•added 2024/10/29 12:0 a.m.•6 views

RHEL 7 : postgresql (RHSA-2024:8495)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8495 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdum...

Ubuntu•added 2024/10/14 2:0 p.m.•8 views

USN-6968-3: PostgreSQL vulnerability

USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and PostgreSQL-16. This update provides the corresponding updates for PostgreSQL-9.3 in Ubuntu 14.04 LTS and PostgreSQL-10 in Ubuntu 18.04 LTS. Original advisory details: Noah Misch discovered that PostgreSQL incorrectly handled...

8.8CVSS7.6AI score0.00764EPSS

Amazon•added 2024/10/02 12:0 a.m.•1 views

Important: postgresql

Issue Overview: Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

8.8CVSS7.8AI score0.00764EPSS

OSV•added 2024/09/17 12:55 a.m.•16 views

RLSA-2024:5929 Important: postgresql:16 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 postgresql: PostgreSQL relation replacement during pgdump executes arbitrary SQL CVE-2024-7348 For more detail...

7.5CVSS7.7AI score0.00764EPSS

OSV•added 2024/09/16 5:44 p.m.•4 views

MGASA-2024-0301 Updated postgresql15 & postgresql13 packages fix security vulnerability

Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

8.8CVSS8.9AI score0.00764EPSS

Exploits0References4

OSV•added 2024/09/12 12:12 p.m.•11 views

SUSE-SU-2024:3224-1 Security update for postgresql16

This update for postgresql16 fixes the following issues: - Upgrade to 15.8 bsc1229013 - CVE-2024-7348: PostgreSQL relation replacement during pgdump executes arbitrary SQL. bsc1229013...

8.8CVSS8.4AI score0.00764EPSS

Redos•added 2024/09/11 12:0 a.m.•5 views

ROS-20240911-18

A vulnerability in the pgdump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to competitive access to a resource race condition. pointer due to competitive access to a resource race condition. Exploitation of the vulnerability could allo...

8.8CVSS8.4AI score0.00764EPSS