
27 matches found

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2021-26833

Malware in sbrugna...

7.2 CVSS · 6.4 AI score · 0.00124 EPSS
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-27726

Malicious code in bioql PyPI...

5.3 CVSS · 6.5 AI score · 0.00201 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2025/08/30 12:0 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2021-3515

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft ...

7.2 CVSS · 6.7 AI score · 0.00124 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/05/24 3:59 p.m. · 10 views

CVE-2025-2506

When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated tables. When pglogical runs it should verify it...

5.3 CVSS · 7.1 AI score · 0.00201 EPSS
Exploits 0 · References 1

NVD
added 2025/05/22 4:15 p.m. · 18 views

CVE-2025-2506

When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated tables. When pglogical runs it should verify it...

5.3 CVSS · 0.00201 EPSS
Exploits 0 · References 1

UbuntuCve
added 2025/05/22 4:15 p.m. · 4 views

CVE-2025-2506

When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated tables. When pglogical runs it should verify it...

5.3 CVSS · 5.9 AI score · 0.00201 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/05/22 3:22 p.m. · 7 views

CVE-2025-2506

When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated tables. When pglogical runs it should verify it...

5.3 CVSS · 5.4 AI score · 0.00201 EPSS
Exploits 0 · References 1

Cvelist
added 2025/05/22 3:22 p.m. · 11 views

CVE-2025-2506

When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated tables. When pglogical runs it should verify it...

5.3 CVSS · 0.00201 EPSS
Exploits 0 · References 1

CVE
added 2025/05/22 3:22 p.m. · 49 views

CVE-2025-2506

CVE-2025-2506 affects pglogical 3.x (proprietary to EDB) with integration into BDR/PGD 4/5. The issue arises when pglogical attempts replication without verifying it is on a replication connection, enabling a user with CONNECT on a replication-configured database to run pglogical commands and rea...

5.3 CVSS · 5.4 AI score · 0.00201 EPSS
Exploits 0 · References 1

Debian CVE
added 2025/05/22 3:22 p.m. · 7 views

CVE-2025-2506

When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated tables. When pglogical runs it should verify it...

5.3 CVSS · 5.5 AI score · 0.00201 EPSS
Exploits 0

Positive Technologies
added 2025/05/22 12:0 a.m. · 1 views

PT-2025-22494 · Pglogical +1

Name of the Vulnerable Software and Affected Versions: pglogical versions 3.x; BDR/PGD versions 4 and 5. Description: The issue arises when pglogical attempts to replicate data without verifying if it is using a replication connection. This allows a user with CONNECT access to a database configured...

5.3 CVSS · 6.7 AI score · 0.00201 EPSS
Exploits 0 · References 3

CNNVD
added 2025/05/22 12:0 a.m. · 1 views

pglogical Security Vulnerability

pglogical is an open source logical replication extension for PostgreSQL by 2ndQuadrant. A security vulnerability exists in pglogical version 3.x prior to 3.7.26, which stems from an unverified replication connection that could result in reading replicated table data...

5.3 CVSS · 6.5 AI score · 0.00201 EPSS
Exploits 0 · References 2

SUSE CVE
added 2023/02/15 3:49 a.m. · 1 views

SUSE CVE-2021-3515

A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription...

7.2 CVSS · 6.6 AI score · 0.00124 EPSS
Exploits 0 · References 3

CNVD
added 2021/07/16 12:0 a.m. · 21 views

PostgreSQL Command Injection Vulnerability

PostgreSQL is a free object-relational database management system from the Postgresql organization. The system supports most SQL standards and provides many other features such as foreign keys, triggers, views, etc. A security vulnerability exists in PostgreSQL, which stems from the fact that a...

7.2 CVSS · 2.4 AI score · 0.00124 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2021/06/07 12:0 a.m. · 13 views

FreeBSD : pglogical -- shell command injection in pglogical.create_subscription() (45b8716b-c707-11eb-b9a0-6805ca0b3d42)

2ndQuadrant reports: Fix pg_dump/pg_restore execution (CVE-2021-3515). Correctly escape the connection string for both pg_dump and pg_restore so that exotic database and user names are handled correctly. Reported by Pedro Gallegos.

7.2 CVSS · 6.6 AI score · 0.00124 EPSS
Exploits 0 · References 4

OSV
added 2021/06/01 2:15 p.m. · 1 views

DEBIAN-CVE-2021-3515

A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription...

6.7 CVSS · 6.7 AI score · 0.00124 EPSS
Exploits 0 · References 1

OSV
added 2021/06/01 2:15 p.m. · 12 views

CVE-2021-3515

A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription...

6.7 CVSS · 7.2 AI score
Exploits 0 · References 1

NVD
added 2021/06/01 2:15 p.m. · 12 views

CVE-2021-3515

A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription...

7.2 CVSS · 0.00124 EPSS
Exploits 0 · References 1

OSV
added 2021/06/01 2:15 p.m. · 0 views

UBUNTU-CVE-2021-3515

A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription...

6.7 CVSS · 6.8 AI score · 0.00124 EPSS
Exploits 0 · References 4

UbuntuCve
added 2021/06/01 2:15 p.m. · 17 views

CVE-2021-3515

A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription...

7.2 CVSS · 6.8 AI score · 0.00124 EPSS
Exploits 0 · References 3