13314 matches found

IBM Security Bulletins
added 2025/01/29 3:19 a.m. | 10 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10979

Summary: IBM Sterling Connect:Direct Web Service uses PostgreSQL. Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables, e.g. PATH. Vulnerability Details: CVEID: CVE-2024-10979 DESCRIPTION: Incorrect...

8.8 CVSS | 7.1 AI score | 0.04422 EPSS
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2025/01/29 3:17 a.m. | 24 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10976

Summary: IBM Sterling Connect:Direct Web Service uses PostgreSQL. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. Vulnerability Details: CVEID: CVE-2024-10976 DESCRIPTION: Incomplete tracking in PostgreSQL of...

5.4 CVSS | 6.5 AI score | 0.00786 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/01/29 3:15 a.m. | 10 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10977

Summary: IBM Sterling Connect:Direct Web Service uses PostgreSQL, which could provide weaker than expected security, caused by a flaw with retaining an error message from man-in-the-middle. A remote attacker could exploit this vulnerability to launch further attacks on the system. Vulnerability...

3.7 CVSS | 6.4 AI score | 0.0038 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/01/29 3:14 a.m. | 7 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10978

Summary: IBM Sterling Connect:Direct Web Service uses PostgreSQL, which could allow a remote authenticated attacker to bypass security restrictions, caused by an incorrect privilege assignment. Vulnerability Details: CVEID: CVE-2024-10978 DESCRIPTION: PostgreSQL could allow a remote authenticated...

4.2 CVSS | 6.5 AI score | 0.00705 EPSS
Exploits: 0 | Affected Software: 1
Rosalinux
added 2025/01/28 7:43 p.m. | 12 views

Advisory ROSA-SA-2025-2666

software: postgresql 15.4 WASP: ROSA-CHROME packageevrstring: postgresql-15.4 CVE-ID: CVE-2023-5868 BDU-ID: 2023-07905 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to the lack of service data protection in function calls with aggregation...

8.8 CVSS | 6.8 AI score | 0.04322 EPSS
Exploits: 0
Rosalinux
added 2025/01/28 7:41 p.m. | 27 views

Advisory ROSA-SA-2025-2665

software: postgresql 12.16 WASP: ROSA-CHROME packageevrstring: postgresql-12.16 CVE-ID: CVE-2023-5868 BDU-ID: 2023-07905 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to the lack of service data protection in function calls with aggregation...

7.1 CVSS | 6.6 AI score | 0.02775 EPSS
Exploits: 1
Rosalinux
added 2025/01/28 1:54 p.m. | 23 views

Advisory ROSA-SA-2025-2625

software: postgresql 12.17 WASP: ROSA-CHROME packageevrstring: postgresql-12.17-2 CVE-ID: CVE-2024-0985 BDU-ID: 2024-01121 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the REFRESH MATERIALIZED VIEW CONCURRENTLY function of the PostgreSQL database management system involves privilege management...

8 CVSS | 9.3 AI score | 0.01465 EPSS
Exploits: 0
OSV
added 2025/01/27 4:3 p.m. | 3 views

CLSA-2025-1737993791 postgresql: Fix of CVE-2024-7348

CVE-2024-7348: Fix TOCTOU race condition in pg_dump...

8.8 CVSS | 5.8 AI score | 0.01565 EPSS
Exploits: 0 | References: 1
Rosalinux
added 2025/01/27 11:27 a.m. | 17 views

Advisory ROSA-SA-2025-2589

software: postgresql 12.20 WASP: ROSA-CHROME packageevrstring: postgresql-12.20-1 CVE-ID: CVE-2024-7348 BDU-ID: 2024-06153 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to...

8.8 CVSS | 9.1 AI score | 0.01565 EPSS
Exploits: 0
BDU FSTEC
added 2025/01/27 12:0 a.m. | 4 views

The vulnerability of the Azure Database for PostgreSQL Flexible Server’s database management system lies in the lack of measures taken at the control level to clean data. This allows attackers to execute arbitrary code and increase their privileges.

The vulnerability of the Azure Database for PostgreSQL Flexible Server database management system is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code and increase their...

9 CVSS | 6 AI score | 0.01175 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Amazon
added 2025/01/24 12:0 a.m. | 11 views

Important: postgresql

Issue Overview: Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

8.8 CVSS | 8.9 AI score | 0.01565 EPSS
Exploits: 0
Amazon
added 2025/01/24 12:0 a.m. | 2 views

Important: postgresql

Issue Overview: Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

8.8 CVSS | 7.8 AI score | 0.01565 EPSS
Exploits: 0
Tenable Nessus
added 2025/01/24 12:0 a.m. | 40 views

Amazon Linux 2 : postgresql (ALAS-2025-2733)

The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2733 advisory. Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL...

8.8 CVSS | 7.8 AI score | 0.01565 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2025/01/20 12:0 a.m. | 5 views

PT-2025-4138

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 17.1. Description: A high severity flaw allows unprivileged users to alter sensitive environment variables, such as PATH, potentially leading to code execution. Recommendations: For versions prior to 17.1, update to t...

5.3 CVSS | 5.3 AI score | 0.00368 EPSS
Exploits: 1 | References: 7
F5 Networks
added 2025/01/16 11:8 p.m. | 29 views

K000149329: PostgreSQL vulnerabilities CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, and CVE-2014-0063

Security Advisory Description: CVE-2014-0060: PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users t...

6.5 CVSS | 8.3 AI score | 0.06666 EPSS
Exploits: 4
CBLMariner
added 2025/01/12 9:15 a.m. | 38 views

CVE-2022-41862 affecting package postgresql 12.15-1

CVE-2022-41862 affecting package postgresql 12.15-1. No patch is available currently...

3.7 CVSS | 7.5 AI score | 0.00616 EPSS
Exploits: 0
CNNVD
added 2025/01/09 12:0 a.m. | 3 views

pgAdmin security vulnerability

pgAdmin is an open source management and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin that stems from the fact that a user logged into pgAdmin running in server mode using LDAP authentication may attach to another...

8 CVSS | 6.5 AI score | 0.0044 EPSS
Exploits: 0 | References: 1
CNNVD
added 2025/01/07 12:0 a.m. | 3 views

pgAgent security vulnerability

pgAgent is an open source job scheduler for PostgreSQL from the pgAdmin Project. A security vulnerability exists in pgAgent versions prior to 4.2.3 that stems from insufficient initialization of the random number generator used to generate directory names, which allows a local attacker to...

7.1 CVSS | 5.2 AI score | 0.00171 EPSS
Exploits: 0 | References: 2
F5 Networks
added 2025/01/04 1:4 a.m. | 21 views

K000149183: PostgreSQL vulnerabilities CVE-2014-0064, CVE-2014-0065, CVE-2014-0066, and CVE-2014-0067

Security Advisory Description: CVE-2014-0064: Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and...

6.5 CVSS | 7.6 AI score | 0.05353 EPSS
Exploits: 3
Positive Technologies
added 2025/01/01 12:0 a.m. | 5 views

PT-2026-5436

Name of the Vulnerable Software and Affected Versions: geopandas versions prior to 1.1.2. Description: A SQL injection issue exists in geopandas before version 1.1.2. This allows an attacker to potentially obtain sensitive information through the to_postgis function when writing GeoDataFrames to a...

8.6 CVSS | 5.9 AI score | 0.00385 EPSS
Exploits: 1 | References: 24