11 matches found

Positive Technologies
added 2026/04/22 12:0 a.m. | 4 views

PT-2026-37159

Name of the Vulnerable Software and Affected Versions: pgx versions prior to 5.9.2. Description: SQL injection can occur when the non-default simple protocol is used in conjunction with a dollar-quoted string literal in the SQL query. If that string literal contains text that would be interpreted as...

CVSS 9.8 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 14
Snyk
added 2026/02/12 1:55 p.m. | 1 views

Improper Validation of Specified Type of Input

Overview: Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via improper validation of the oidvector type. An attacker can access a few bytes of server memory by crafting specific database queries. Remediation: Upgrade libpq to version 14.22, 15.17,...

CVSS 5.3 | AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 2
OSV
added 2026/01/16 12:18 p.m. | 4 views

CLSA-2026-1768565904 libpq: Fix of CVE-2025-12818

Update to 13.23 - CVE-2025-12818: fix integer overflow in allocation-size calculations...

CVSS 5.9 | AI score 6.8 | EPSS 0.00048
Exploits: 0 | References: 1
Tenable Nessus
added 2026/01/15 12:0 a.m. | 1 views

RHEL 8 : libpq (RHSA-2026:0695)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0695 advisory. The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes: postgresql:...

CVSS 5.9 | AI score 5.6 | EPSS 0.00048
Exploits: 0 | References: 5
Cvelist
added 2025/08/14 1:0 p.m. | 9 views

CVE-2025-8715 PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server

Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks...

CVSS 8.8 | EPSS 0.00085
Exploits: 1 | References: 1
OSV
added 2025/05/30 1:48 p.m. | 1 views

OESA-2025-1568 libpq security update

PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...

CVSS 5.9 | AI score 7.5 | EPSS 0.00326
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/22 8:16 a.m. | 5 views

CVE-2019-15534

Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update...

CVSS 9.8 | AI score 8.2 | EPSS 0.00264
Exploits: 0 | References: 1
OSV
added 2025/02/28 3:34 p.m. | 3 views

OESA-2025-1228 libpq security update

PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...

CVSS 8.1 | AI score 8.1 | EPSS 0.82364
Exploits: 10 | References: 2
OSV
added 2020/08/12 4:15 p.m. | 2 views

DEBIAN-CVE-2020-17446

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code on a database client via a crafted server response, because of access to an uninitialized pointer in the array data decoder...

CVSS 9.8 | AI score 9 | EPSS 0.02141
Exploits: 0 | References: 1
CNVD
added 2019/08/28 12:0 a.m. | 1 views

Raml-Module-Builder SQL Injection Vulnerability

Raml-Module-Builder is a framework that allows the creation of modules based on RAML files. A SQL injection vulnerability exists in PostgresClient.update in Raml-Module-Builder version 26.4.0, which can be exploited by an attacker to execute illegal SQL commands...

CVSS 9.8 | AI score 8.2 | EPSS 0.00264
Exploits: 0 | References: 1
RedHat Linux
added 2018/08/23 3:18 p.m. | 2 views

postgresql: Certain host connection parameters defeat client-side security defenses

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side...

CVSS 8.5 | AI score 7.3 | EPSS 0.01753
Exploits: 0 | References: 5