RHEL 9 : postgresql:16 (RHSA-2024:5929)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5929 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL pgstatsext and...

RHEL 8 : postgresql:12 (RHSA-2024:6138)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6138 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdum...

RHEL 7 : postgresql (RHSA-2024:8495)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8495 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdum...

USN-6968-3: PostgreSQL vulnerability

USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and PostgreSQL-16. This update provides the corresponding updates for PostgreSQL-9.3 in Ubuntu 14.04 LTS and PostgreSQL-10 in Ubuntu 18.04 LTS. Original advisory details: Noah Misch discovered that PostgreSQL incorrectly handled...

Important: postgresql

Issue Overview: Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

MGASA-2024-0301 Updated postgresql15 & postgresql13 packages fix security vulnerability

Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

SUSE: Security Advisory (SUSE-SU-2024:3181-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL

A vulnerability was found in PostgreSQL. A Race condition in pgdump allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser...

Important: postgresql security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdump executes arbitrary SQL CVE-2024-7348 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

ALSA-2024:6020 Important: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdump executes arbitrary SQL CVE-2024-7348 postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 For more detail...

RHEL 9 : postgresql (RHSA-2024:5999)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:5999 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdum...

ZOHO ManageEngine ADAudit Plus SQL Injection Vulnerability (CNVD-2024-37487)

ZOHO ManageEngine ADAudit Plus is ZOHO's solution for simplifying audits, proving compliance and detecting threats. ZOHO ManageEngine ADAudit Plus prior to version 8000 suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL commands...

Important: postgresql15

Issue Overview: Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

CVE-2024-7348

A vulnerability was found in PostgreSQL. A Race condition in pgdump allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the R...

Human Resource Management System security breach

Human Resource Management System is a human resource management system by maverickosama Personal Developer. A security vulnerability exists in SourceCodester Human Resource Management System version 1.0, which originates from a SQL injection vulnerability that allows an attacker to execute...

CVE-2024-33808

A SQL injection vulnerability in /model/gettimetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...

CVE-2024-34931

A SQL injection vulnerability in /model/updatesubject.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter...

CVE-2024-34930

A SQL injection vulnerability in /model/allevents1.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the month parameter...

CVE-2024-35361

MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/getIcon. An attacker can execute arbitrary SQL statements through this vulnerability without requiring any user rights...

CVE-2024-35361

MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/getIcon. An attacker can execute arbitrary SQL statements through this vulnerability without requiring any user rights...