SUSE CVE-2026-6477

Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...

ALPINE-CVE-2026-6477

Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...

CVE-2026-6477

Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...

EUVD-2026-30283

Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...

Astra Linux - уязвимость в postgresql-11

Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for execution during dump restoration, through the client operating system account running psql, using psql meta-commands within a specially crafted object name. The same attack...

Astra Linux - уязвимость в postgresql-11

Inclusion of untrusted data in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for execution during dump restoration, as the client operating system account running psql restores the dump using psql meta-commands. pgdumpall is also affected. pgresto...

K000160172: PostgreSQL vulnerability CVE-2025-8714

Security Advisory Description Untrusted data inclusion in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pgdumpall is also...

MiracleLinux 8 : postgresql:16 (AXSA:2024-8740:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8740:01 advisory. postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 postgresql: PostgreSQL relation replacement during...

MiracleLinux 9 : postgresql:16 (AXSA:2024-8742:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8742:01 advisory. postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 postgresql: PostgreSQL relation replacement during...

MiracleLinux 8 : postgresql:15 (AXSA:2024-8739:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8739:01 advisory. postgresql: PostgreSQL relation replacement during pgdump executes arbitrary SQL CVE-2024-7348 postgresql: PostgreSQL pgstatsext and pgstatsextexprs...

MiracleLinux 7 : rh-postgresql95-postgresql-9.5.14-1.el7 (AXSA:2018-3311:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-3311:01 advisory. postgresql: Certain host connection parameters defeat client-side security defenses CVE-2018-10915 postgresql: Missing authorization and memory...

MiracleLinux 7 : postgresql-9.2.24-9.0.3.el7.AXS7 (AXSA:2025-9699:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9699:03 advisory. PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to...

TencentOS Server 2: postgresql (TSSA-2024:0736)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0736 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

SUSE-SU-2025:03019-2 Security update for postgresql14

This update for postgresql14 fixes the following issues: Upgrade to 14.19: - CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table bsc1248120. - CVE-2025-8714: untrusted data inclusion in pgdump lets superuser of origin server execute arbitrary code ...

EUVD-2018-8644

Malware in sbrugna...

Unity Linux 20.1070e Security Update: libpq (UTSA-2025-987404)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987404 advisory. Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client...

EUVD-2024-48286

Malicious code in bioql PyPI...

ROS-20250923-11

The vulnerability of the core server component of the PostgreSQL database management system is related to flaws in the in access control. Exploitation of the vulnerability could allow a remote intruder to bypass ACL security restrictions and gain unauthorized access to protected information. ACL...

ROS-20250923-10

The vulnerability of the core server component of the PostgreSQL database management system is related to flaws in the in access control. Exploitation of the vulnerability could allow a remote intruder to bypass ACL security restrictions and gain unauthorized access to protected information. ACL...

OESA-2025-2240 libpq security update

PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...