13 matches found
PT-2026-50810
Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 1.0 through 9.15 Description SQL injection is possible across multiple dialog templates that render descriptions for Domains, Foreign Tables, Languages, and Event Triggers, as well as the Views OID-lookup query. The issue...
JLSEC-2026-52
Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
Astra Linux – Vulnerability in PostgresSQL-15
The Time-of-Check Time-of-Use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions while the user running pgdump is a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for...
PostgreSQL: Privilege Escalation
Background PostgreSQL is an open source object-relational database management system. Description A vulnerability has been discovered in PostgreSQL. Please review the CVE identifier referenced below for details. Impact An attacker able to create and drop non-temporary objects could inject SQL cod...
BIT-POSTGRESQL-2024-7348 PostgreSQL relation replacement during pg_dump executes arbitrary SQL
Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
ALPINE-CVE-2024-7348
Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
CVE-2024-7348
Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
CVE-2024-7348
Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
AZL-47636 CVE-2024-7348 affecting package postgresql for versions less than 16.4-1
Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
CVE-2024-7348 PostgreSQL relation replacement during pg_dump executes arbitrary SQL
Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
CVE-2024-7348
Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
CVE-2024-7348
TOCTOU race in pg_dump (CVE-2024-7348) allows the object creator to run arbitrary SQL functions as the pg_dump user (often a superuser) by replacing a relation type with a view or foreign table. The attack requires waiting for pg_dump to start; success is facilitated if an open transaction is hel...
CVE-2024-7348
Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...