CVE-2025-8715
Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks...
CVE-2025-8714
CVE-2025-8714 affects PostgreSQL (and variants in related advisories) via untrusted data inclusion in pg_dump, pg_dumpall, and pg_restore, allowing a malicious superuser to inject code during restore as the client OS account running psql. The issue arises from processing psql meta-commands in dum...
CVE-2025-8713 PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table
PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this...
CVE-2025-8713
CVE-2025-8713 concerns PostgreSQL: attacker can read sampled statistics data (e.g., histograms, most-common-values) from columns via optimizer statistics, potentially bypassing view ACLs and row security policies in partitioning/inheritance hierarchies. Affected: PostgreSQL versions prior to 17.6...
PostgreSQL security vulnerability
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL versions 17.6, 16.10,...
KLA86660 Multiple vulnerabilities in PostgreSQL
Multiple vulnerabilities were found in PostgreSQL. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, and gain privileges. Below is a complete list of vulnerabilities: 1. Security vulnerability can be exploited to bypass security restrictions an...
Vulnerability in core server (CVE-2025-8713)
PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table. PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intende...
Vulnerability in client (CVE-2025-8714)
PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client. Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to...
Vulnerability in client (CVE-2025-8715)
PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server. Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account...
FreeBSD : PostgreSQL -- vulnerabilities (fc048b51-7909-11f0-90a2-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the fc048b51-7909-11f0-90a2-6cc21735f730 advisory. PostgreSQL project reports: Tighten security checks in planner estimation functions. Prevent...
DLA-4273-1 postgresql-13 - security update
Bulletin has no description...
Debian dla-4273 : libecpg-compat3 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4273 advisory. Debian LTS Advisory DLA-4273-1...
PT-2025-33267
Name of the Vulnerable Software and Affected Versions: PostgreSQL affected versions not specified. Description: The PostgreSQL optimizer statistics feature can expose sampled data within a view, partition, or child table. This allows a user to read sampled data that they would not normally have...
PT-2025-33269
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 17.6; PostgreSQL versions prior to 16.10; PostgreSQL versions prior to 15.14; PostgreSQL versions prior to 14.19; PostgreSQL versions prior to 13.22. Description: Improper neutralization of newlines in pg_dump allows a...
PT-2025-33268
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 17.6; PostgreSQL versions prior to 16.10; PostgreSQL versions prior to 15.14; PostgreSQL versions prior to 14.19; PostgreSQL versions prior to 13.22. Description: The vulnerability relates to untrusted data inclusion...
SUSE SLES15 Security Update : postgresql16 (SUSE-SU-2025:01782-2)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01782-2 advisory. Upgrade to 16.9: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation...
SUSE SLES15 Security Update : postgresql14 (SUSE-SU-2025:01786-2)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01786-2 advisory. Upgrade to 14.18: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validatio...