Lucene search
K

195 matches found

OSV
OSV
added 2024/10/02 3:11 p.m.7 views

SUSE-SU-2024:3158-3 Security update for postgresql16

This update for postgresql16 fixes the following issues: - Upgrade to 15.8 bsc1229013 - CVE-2024-7348: PostgreSQL relation replacement during pgdump executes arbitrary SQL. bsc1229013...

8.8CVSS8.4AI score0.01565EPSS
Exploits0References3
Amazon
Amazon
added 2024/10/02 12:0 a.m.6 views

Important: libpq

Issue Overview: Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

8.8CVSS7.8AI score0.01565EPSS
Exploits0
Amazon
Amazon
added 2024/10/02 12:0 a.m.5 views

Important: postgresql

Issue Overview: Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

8.8CVSS7.8AI score0.01565EPSS
Exploits0
Amazon
Amazon
added 2024/10/02 12:0 a.m.3 views

Important: postgresql

Issue Overview: Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

8.8CVSS7.8AI score0.01565EPSS
Exploits0
Amazon
Amazon
added 2024/10/02 12:0 a.m.3 views

Important: postgresql

Issue Overview: Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

8.8CVSS7.8AI score0.01565EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/10/02 12:0 a.m.12 views

Amazon Linux 2 : postgresql (ALASPOSTGRESQL12-2024-011)

The version of postgresql installed on the remote host is prior to 12.20-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL12-2024-011 advisory. Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary...

8.8CVSS7.8AI score0.01565EPSS
Exploits0References4
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.20 views

PostgreSQL: Privilege Escalation

Background PostgreSQL is an open source object-relational database management system. Description A vulnerability has been discovered in PostgreSQL. Please review the CVE identifier referenced below for details. Impact An attacker able to create and drop non-temporary objects could inject SQL cod...

8.8CVSS8AI score0.01565EPSS
Exploits0
OSV
OSV
added 2024/09/17 12:54 a.m.18 views

RLSA-2024:5927 Important: postgresql:16 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 postgresql: PostgreSQL relation replacement during pgdump executes arbitrary SQL CVE-2024-7348 For more detail...

8.8CVSS7.7AI score0.01565EPSS
Exploits0References2
Mageia
Mageia
added 2024/09/16 5:44 p.m.26 views

Updated postgresql15 & postgresql13 packages fix security vulnerability

Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

8.8CVSS8.2AI score0.01565EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/09/16 12:0 a.m.19 views

Rocky Linux 8 : postgresql:16 (RLSA-2024:5927)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:5927 advisory. postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 postgresql: PostgreSQL relation replacement during pgdump...

8.8CVSS7.2AI score0.01565EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/09/16 12:0 a.m.18 views

Rocky Linux 9 : postgresql:16 (RLSA-2024:5929)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:5929 advisory. postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 postgresql: PostgreSQL relation replacement during pgdump...

8.8CVSS7.2AI score0.01565EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/09/12 12:0 a.m.25 views

CBL Mariner 2.0 Security Update: postgresql (CVE-2024-7348)

The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-7348 advisory. - Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execu...

8.8CVSS7.7AI score0.01565EPSS
Exploits0References2
Redos
Redos
added 2024/09/11 12:0 a.m.8 views

ROS-20240911-19

A vulnerability in the pgdump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to competitive access to a resource race condition. pointer due to competitive access to a resource race condition. Exploitation of the vulnerability could allo...

8.8CVSS8.4AI score0.01565EPSS
Exploits0
Redos
Redos
added 2024/09/11 12:0 a.m.7 views

ROS-20240911-18

A vulnerability in the pgdump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to competitive access to a resource race condition. pointer due to competitive access to a resource race condition. Exploitation of the vulnerability could allo...

8.8CVSS8.4AI score0.01565EPSS
Exploits0
Redos
Redos
added 2024/09/11 12:0 a.m.8 views

ROS-20240911-17

A vulnerability in the pgdump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to competitive access to a resource race condition. pointer due to competitive access to a resource race condition. Exploitation of the vulnerability could allo...

8.8CVSS8.4AI score0.01565EPSS
Exploits0
Redos
Redos
added 2024/09/11 12:0 a.m.13 views

ROS-20240911-21

A vulnerability in the pgdump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to competitive access to a resource race condition. pointer due to competitive access to a resource race condition. Exploitation of the vulnerability could allo...

8.8CVSS8.4AI score0.01565EPSS
Exploits0
Redos
Redos
added 2024/09/11 12:0 a.m.9 views

ROS-20240911-22

A vulnerability in the pgdump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to competitive access to a resource race condition. pointer due to competitive access to a resource race condition. Exploitation of the vulnerability could allo...

8.8CVSS8.4AI score0.01565EPSS
Exploits0
Redos
Redos
added 2024/09/11 12:0 a.m.8 views

ROS-20240911-20

A vulnerability in the pgdump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to competitive access to a resource race condition. pointer due to competitive access to a resource race condition. Exploitation of the vulnerability could allo...

8.8CVSS8.4AI score0.01565EPSS
Exploits0
Redos
Redos
added 2024/09/11 12:0 a.m.275 views

ROS-20240911-02

A vulnerability in the pgdump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to competitive access to a resource race condition. pointer due to competitive access to a resource race condition. Exploitation of the vulnerability could allo...

8.8CVSS8.4AI score0.01565EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/09/10 6:33 p.m.4 views

postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL

A vulnerability was found in PostgreSQL. A Race condition in pgdump allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser...

8.8CVSS7.5AI score0.01565EPSS
Exploits0References5
Rows per page
Query Builder