Lucene search
+L

26 matches found

bdu_fstec
bdu_fstec
added yesterday27 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS7.2AI score0.00736EPSS
Exploits1References11Affected Software9
redhat
redhat
added 2026/07/01 6:20 p.m.6 views

postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory

A flaw was found in PostgreSQL libpq. A server superuser can exploit a buffer overflow vulnerability in the PQfn function, which is used by client functions such as loexport, loread, lolseek64, and lotell64. This allows the superuser to send an arbitrarily large response, overwriting the client's...

8.8CVSS6.6AI score0.00464EPSS
Exploits0References5
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in PostgresSQL 11

The Time-of-Check Time-of-Use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions while the user running pgdump is a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for...

8.8CVSS7.2AI score0.01565EPSS
Exploits0References2
postgresql
postgresql
added 2026/05/14 12:0 a.m.34 views

Vulnerability in client (CVE-2026-6477)

PostgreSQL libpq lo functions let server superuser overwrite client stack memory Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an...

8.8CVSS6.1AI score0.00464EPSS
Exploits0References1Affected Software1
suse
suse
added 2025/10/13 2:33 p.m.8 views

Security update for postgresql14

This update for postgresql14 fixes the following issues: Upgrade to 14.19: CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table bsc1248120. CVE-2025-8714: untrusted data inclusion in pgdump lets superuser of origin server execute arbitrary code in...

8.8CVSS7.8AI score0.00736EPSS
Exploits1References12
redos
redos
added 2025/09/23 12:0 a.m.3 views

ROS-20250923-09

The vulnerability of the core server component of the PostgreSQL database management system is related to flaws in the in access control. Exploitation of the vulnerability could allow a remote intruder to bypass ACL security restrictions and gain unauthorized access to protected information. ACL...

8.8CVSS8.2AI score0.00736EPSS
Exploits1
redos
redos
added 2025/09/12 12:0 a.m.5 views

ROS-20250912-01

Vulnerability of pgdump utility of PostgreSQL database management system is related to failure to take measures to protect SQL query structure. SQL query structure protection. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code...

8.8CVSS8AI score0.00412EPSS
Exploits0
nessus
nessus
added 2025/09/12 12:0 a.m.1 views

SUSE SLED15: postgresql16 / postgresql16-contrib / postgresql16-devel / etc (SUSE-SU-2025:03005-2)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03005-2 advisory. Upgraded to 16.10: CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a vie...

8.8CVSS7.7AI score0.00736EPSS
Exploits1References10
suse
suse
added 2025/09/11 10:22 a.m.2 views

Security update for postgresql16

This update for postgresql16 fixes the following issues: Upgraded to 16.10: CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table bsc1248120 CVE-2025-8714: Fixed untrusted data inclusion in pgdump allows superuser of origin server to execute...

8.8CVSS8.2AI score0.00736EPSS
Exploits1References12
osv
osv
added 2025/09/11 10:21 a.m.3 views

SUSE-SU-2025:03005-1 Security update for postgresql16

This update for postgresql16 fixes the following issues: Upgraded to 16.10: CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table bsc1248120 CVE-2025-8714: Fixed untrusted data inclusion in pgdump allows superuser of origin server to execute...

8.8CVSS8.2AI score0.00736EPSS
Exploits1References7
osv
osv
added 2025/08/29 8:31 a.m.1 views

SUSE-SU-2025:03018-1 Security update for postgresql15

This update for postgresql15 fixes the following issues: Upgrade to 15.14: - CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table bsc1248120. - CVE-2025-8714: untrusted data inclusion in pgdump lets superuser of origin server execute arbitrary code ...

8.8CVSS7.8AI score0.00736EPSS
Exploits1References7
osv
osv
added 2025/08/26 10:41 a.m.10 views

SUSE-SU-2025:02986-1 Security update for postgresql17

This update for postgresql17 fixes the following issues: Updated to 17.6: CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table bsc1248120 CVE-2025-8714: Fixed untrusted data inclusion in pgdump allows superuser of origin server to execute...

8.8CVSS6.6AI score0.00736EPSS
Exploits1References7
osv
osv
added 2025/08/18 12:33 p.m.6 views

SUSE-SU-2025:02842-1 Security update for postgresql13

This update for postgresql13 fixes the following issues: Upgrade to 13.22: - CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table bsc1248120. - CVE-2025-8714: untrusted data inclusion in pgdump lets superuser of origin server execute arbitrary code ...

8.8CVSS6.3AI score0.00736EPSS
Exploits1References7
osv
osv
added 2025/08/14 1:15 p.m.8 views

AZL-66327 CVE-2025-8715 affecting package postgresql for versions less than 14.19-1

Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks...

8.8CVSS7.5AI score0.00412EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/08/13 12:0 a.m.11 views

PT-2025-33268

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 17.6 PostgreSQL versions prior to 16.10 PostgreSQL versions prior to 15.14 PostgreSQL versions prior to 14.19 PostgreSQL versions prior to 13.22 Description: The vulnerability relates to untrusted data inclusion...

10CVSS7.9AI score0.89914EPSS
Exploits12References158
osv
osv
added 2025/01/27 4:3 p.m.7 views

CLSA-2025-1737993791 postgresql: Fix of CVE-2024-7348

CVE-2024-7348: Fix TOCTOU race condition in pgdump...

8.8CVSS5.8AI score0.01565EPSS
Exploits0References1
redhat
redhat
added 2024/10/28 1:26 a.m.8 views

postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL

A vulnerability was found in PostgreSQL. A Race condition in pgdump allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser...

8.8CVSS7.5AI score0.01565EPSS
Exploits0References5
osv
osv
added 2024/10/04 3:36 p.m.6 views

CLSA-2024-1728056209 Fix CVE(s): CVE-2024-7348

SECURITY UPDATE: TOCTOU race condition in pgdump - debian/patches/CVE-2024-7348.patch: Fix TOCTOU race condition in pgdump. - CVE-2024-7348...

8.8CVSS7.2AI score0.01565EPSS
Exploits0References1
amazon
amazon
added 2024/10/02 12:0 a.m.6 views

Important: libpq

Issue Overview: Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

8.8CVSS7.8AI score0.01565EPSS
Exploits0
osv
osv
added 2024/09/27 4:5 p.m.6 views

CLSA-2024-1727453123 Fix CVE(s): CVE-2024-7348

SECURITY UPDATE: TOCTOU race condition in pgdump - debian/patches/CVE-2024-7348.patch: Fix TOCTOU race condition in pgdump. - CVE-2024-7348...

8.8CVSS7.2AI score0.01565EPSS
Exploits0References1
Rows per page
Query Builder