RHEL 8 : postgresql:12 (RHSA-2024:6000)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6000 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdum...

RHEL 8 : postgresql:13 (RHSA-2024:6018)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6018 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdum...

RHEL 8 : postgresql:12 (RHSA-2024:6138)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6138 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdum...

RHEL 9 : postgresql:16 (RHSA-2024:5929)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5929 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL pgstatsext and...

RHEL 7 : postgresql (RHSA-2024:8495)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8495 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdum...

USN-6968-3: PostgreSQL vulnerability

USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and PostgreSQL-16. This update provides the corresponding updates for PostgreSQL-9.3 in Ubuntu 14.04 LTS and PostgreSQL-10 in Ubuntu 18.04 LTS. Original advisory details: Noah Misch discovered that PostgreSQL incorrectly handled...

Important: postgresql

Issue Overview: Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

MGASA-2024-0301 Updated postgresql15 & postgresql13 packages fix security vulnerability

Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

SUSE: Security Advisory (SUSE-SU-2024:3181-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL

A vulnerability was found in PostgreSQL. A Race condition in pgdump allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser...

RHEL 9 : postgresql (RHSA-2024:5999)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:5999 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdum...

ALSA-2024:6020 Important: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdump executes arbitrary SQL CVE-2024-7348 postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 For more detail...

Important: postgresql security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdump executes arbitrary SQL CVE-2024-7348 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

ZOHO ManageEngine ADAudit Plus SQL Injection Vulnerability (CNVD-2024-37487)

ZOHO ManageEngine ADAudit Plus is ZOHO's solution for simplifying audits, proving compliance and detecting threats. ZOHO ManageEngine ADAudit Plus prior to version 8000 suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL commands...

Important: postgresql15

Issue Overview: Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

CVE-2024-7348

A vulnerability was found in PostgreSQL. A Race condition in pgdump allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the R...

The vulnerability of the setgeneral.php file in the Tailoring Management System (TMS) allows a hacker to execute arbitrary SQL code, gain unauthorized access to read, modify, or delete data, or cause service interruptions.

The vulnerability of the setgeneral.php file in the Tailoring Management System TMS involves a lack of security measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL code, gain unauthorized access to read, modify, or delete data, or cause ...

The vulnerability of the add-expense.php script of the Daily Expenses Management System allows a perpetrator to execute arbitrary SQL commands.

The vulnerability of the add-expense.php file in the Daily Expenses Management System is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary SQL commands using specially created POST...

Human Resource Management System security breach

Human Resource Management System is a human resource management system by maverickosama Personal Developer. A security vulnerability exists in SourceCodester Human Resource Management System version 1.0, which originates from a SQL injection vulnerability that allows an attacker to execute...

CVE-2024-33808

A SQL injection vulnerability in /model/gettimetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...