212 matches found
GHSA-37XW-RPJG-XXFX vulnerabilities
Vulnerabilities for packages: postgresql...
GHSA-MHW9-X46C-V6Q4 vulnerabilities
Vulnerabilities for packages: postgresql...
GHSA-37V9-JH5M-F5PG vulnerabilities
Vulnerabilities for packages: postgresql...
GHSA-2R9H-X757-8J9Q vulnerabilities
Vulnerabilities for packages: postgresql...
CVE-2025-1094
CVE-2025-1094 affects PostgreSQL libpq and related command-line utilities. The issue is improper neutralization of quoting syntax in the libpq APIs PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn(), which can allow SQL injection when the application uses the func...
K000149702: PostgreSQL vulnerabilities CVE-2024-10977 and CVE-2024-10979
Security Advisory Description CVE-2024-10977 Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a...
Amazon Linux AMI : postgresql92 (ALAS-2025-1959)
The version of postgresql92 installed on the remote host is prior to 9.2.24-3.70. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1959 advisory. While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary...
Advisory ROSA-SA-2025-2666
software: postgresql 15.4 WASP: ROSA-CHROME packageevrstring: postgresql-15.4 CVE-ID: CVE-2023-5868 BDU-ID: 2023-07905 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to the lack of service data protection in function calls with aggregation...
Advisory ROSA-SA-2025-2665
software: postgresql 12.16 WASP: ROSA-CHROME packageevrstring: postgresql-12.16 CVE-ID: CVE-2023-5868 BDU-ID: 2023-07905 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to the lack of service data protection in function calls with aggregation...
K000149329: PostgreSQL vulnerabilities CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, and CVE-2014-0063
Security Advisory Description CVE-2014-0060 PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users t...
K000149183: PostgreSQL vulnerabilities CVE-2014-0064, CVE-2014-0065, CVE-2014-0066, and CVE-2014-0067
Security Advisory Description CVE-2014-0064 Multiple integer overflows in the pathin and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and...
Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2024-014)
The version of postgresql installed on the remote host is prior to 14.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL14-2024-014 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change...
K000149068: Multiple PostGreSQL vulnerabilities
Security Advisory Description CVE-2017-7485 In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle...
K000149073: PostgreSQL vulnerabilities CVE-2021-3393, CVE-2015-5289, and CVE-2017-8806
Security Advisory Description CVE-2021-3393 An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose...
K000149072: PostgreSQL vulnerabilities CVE-2015-5288, CVE-2015-3165, CVE-2014-8161, and CVE-2014-2669
Security Advisory Description CVE-2015-5288 The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service server crash or read arbitrary server memory via a...
RockyLinux 8 : postgresql:12 (RLSA-2024:10785)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:10785 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable...
RockyLinux 8 : postgresql:16 (RLSA-2024:10831)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:10831 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable...
RockyLinux 9 : postgresql:16 (RLSA-2024:10788)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:10788 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable...
RockyLinux 8 : postgresql:15 (RLSA-2024:10830)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:10830 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable...
RockyLinux 9 : postgresql:15 (RLSA-2024:10787)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:10787 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable...