
496 matches found

OSV
added 2025/09/15 2:15 p.m., 2 views

DEBIAN-CVE-2023-53163

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: don't hold ni_lock when calling truncate_setsize syzbot is reporting hung task at do_user_addr_fault [1], for there is a silent deadlock between PG_locked bit and ni_lock lock. Since filemap_update_page calls filemap_read_folio afte...

CVSS 5.5, AI score 5.3, EPSS 0.00145
Exploits: 0, References: 1

Redos
added 2025/09/12 12:0 a.m., 3 views

ROS-20250912-01

A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to a failure to take measures to protect SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS 8.8, AI score 8, EPSS 0.00385
Exploits: 0

Tenable Nessus
added 2025/09/12 12:0 a.m., 1 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql16 (SUSE-SU-2025:03005-2)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03005-2 advisory. Upgraded to 16.10: CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a vie...

CVSS 8.8, AI score 8.6, EPSS 0.00709
Exploits: 1, References: 10

SUSE Linux
added 2025/09/11 10:22 a.m., 2 views

Security update for postgresql16

This update for postgresql16 fixes the following issues: Upgraded to 16.10: CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table (bsc#1248120) CVE-2025-8714: Fixed untrusted data inclusion in pg_dump allows superuser of origin server to execute...

CVSS 8.8, AI score 8.2, EPSS 0.00709
Exploits: 1, References: 12

OSV
added 2025/09/11 10:21 a.m., 3 views

SUSE-SU-2025:03005-1 Security update for postgresql16

This update for postgresql16 fixes the following issues: Upgraded to 16.10: CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table (bsc#1248120) CVE-2025-8714: Fixed untrusted data inclusion in pg_dump allows superuser of origin server to execute...

CVSS 8.8, AI score 8.2, EPSS 0.00709
Exploits: 1, References: 7

Tenable Nessus
added 2025/09/03 12:0 a.m., 2 views

Oracle Linux 8 : postgresql:13 (ELSA-2025-15021)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-15021 advisory. pgaudit 1.5.0-1 - Update to version 1.5.0 Related: 1855776 pgrepack 1.4.6-3 - Release bump - enable gating 1.4.6-2 - Rebuild - Resolves:1954442 1.4.6-...

CVSS 8.8, AI score 7.7, EPSS 0.00709
Exploits: 1, References: 3

OSV
added 2025/08/29 8:31 a.m., 1 views

SUSE-SU-2025:03018-1 Security update for postgresql15

This update for postgresql15 fixes the following issues: Upgrade to 15.14: - CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table (bsc#1248120). - CVE-2025-8714: untrusted data inclusion in pg_dump lets superuser of origin server execute arbitrary code ...

CVSS 8.8, AI score 7.8, EPSS 0.00709
Exploits: 1, References: 7

Tenable Nessus
added 2025/08/27 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-44905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go. CVE-2024-44905 Note that Nessus relies on the...

CVSS 6.5, AI score 7.3, EPSS 0.00374
Exploits: 1, References: 3

OSV
added 2025/08/26 10:41 a.m., 5 views

SUSE-SU-2025:02986-1 Security update for postgresql17

This update for postgresql17 fixes the following issues: Updated to 17.6: CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table (bsc#1248120) CVE-2025-8714: Fixed untrusted data inclusion in pg_dump allows superuser of origin server to execute...

CVSS 8.8, AI score 6.6, EPSS 0.00709
Exploits: 1, References: 7

CVE
added 2025/08/18 4:44 p.m., 22 views

CVE-2025-55282

The CVE-2025-55282 issue affects aiven-db-migrate (prior to 1.0.7). A privilege-escalation flaw exists due to a lack of search_path restriction during migrations from untrusted sources, enabling a user to override pg_catalog and execute untrusted operators as a PostgreSQL superuser. This is fixed...

CVSS 9.1, AI score 7.3, EPSS 0.00675
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2025/08/18 12:33 p.m., 3 views

SUSE-SU-2025:02842-1 Security update for postgresql13

This update for postgresql13 fixes the following issues: Upgrade to 13.22: - CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table (bsc#1248120). - CVE-2025-8714: untrusted data inclusion in pg_dump lets superuser of origin server execute arbitrary code ...

CVSS 8.8, AI score 6.3, EPSS 0.00709
Exploits: 1, References: 7

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in @zalastax/nolb-pg (npm)

The package @zalastax/nolb-pg was found to contain malicious code...

AI score 7
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in cashfree-pg-koa-app (npm)

The package cashfree-pg-koa-app was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/08/14 6:52 p.m., 1 views

MAL-2025-13132 Malicious code in @zalastax/nolb-pg (npm)

The package @zalastax/nolb-pg was found to contain malicious code...

AI score 7.2
Exploits: 0

OSV
added 2025/08/14 6:52 p.m., 1 views

MAL-2025-16622 Malicious code in cashfree-pg-koa-app (npm)

The package cashfree-pg-koa-app was found to contain malicious code...

AI score 7.2
Exploits: 0

OSV
added 2025/08/14 1:15 p.m., 4 views

AZL-66327 CVE-2025-8715 affecting package postgresql for versions less than 14.19-1

Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks...

CVSS 8.8, AI score 7.5, EPSS 0.00385
Exploits: 0, References: 1

Positive Technologies
added 2025/08/13 12:0 a.m., 6 views

PT-2025-33268

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 17.6 PostgreSQL versions prior to 16.10 PostgreSQL versions prior to 15.14 PostgreSQL versions prior to 14.19 PostgreSQL versions prior to 13.22 Description: The vulnerability relates to untrusted data inclusion...

CVSS 10, AI score 7.9, EPSS 0.89472
Exploits: 12, References: 158

Chainguard
added 2025/08/09 1:17 p.m., 9 views

GHSA-J5PM-7495-QMR3 vulnerabilities

Vulnerabilities for packages: trivy, datadog-agent, influxd, caddy, crossplane-provider-azure-managedidentity, fulcio, http-echo, kube-bench, custom-pod-autoscaler-fips, ingress-nginx-controller, opa, postgres-operator-fips, docker-machine-driver-harvester, loki-3.6,...

AI score 5.8
Exploits: 0

SUSE CVE
added 2025/08/04 11:28 p.m., 3 views

SUSE CVE-2024-44905

go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go...

CVSS 6.5, AI score 8.5, EPSS 0.00374
Exploits: 1, References: 2

Rockylinux
added 2025/07/29 1:38 p.m., 5 views

ruby:3.3 security update

An update is available for module.ruby, module.rubygem-abrt, module.rubygem-pg, rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, rubygem-abrt, ruby. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 7.5, AI score 6.7, EPSS 0.00784
Exploits: 0