13299 matches found
OESA-2024-2055 postgresql security update
PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs, including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...
OESA-2024-2054 postgresql security update
PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs, including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...
New Malware PG_MEM Targets PostgreSQL Databases for Crypto Mining
Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that's designed to mine cryptocurrency after brute-forcing its way into PostgreSQL database instances. "Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gaine...
New PG_MEM Malware Targets PostgreSQL Databases to Mine Cryptocurrency
The new PG_MEM malware targets PostgreSQL databases, exploiting weak passwords to deliver payloads and mine cryptocurrency. Researchers warn...
Packetbeat vulnerable to denial-of-service (DoS)
Overview: Packetbeat provided by Elastic contains a denial-of-service (DoS) vulnerability. Packetbeat provided by Elastic is a network packet analyzer. Packetbeat contains a flaw in processing the PostgreSQL handler (CWE-129). Impact: Processing a specially crafted packet may lead to a denial-of-servi...
Ubuntu: Security Advisory (USN-6968-1)
The remote host is missing an update for the...
USN-6968-1: PostgreSQL vulnerability
Noah Misch discovered that PostgreSQL incorrectly handled certain SQL objects. An attacker could possibly use this issue to execute arbitrary SQL functions as the superuser...
USN-6968-1 postgresql-12, postgresql-14, postgresql-16 vulnerability
Noah Misch discovered that PostgreSQL incorrectly handled certain SQL objects. An attacker could possibly use this issue to execute arbitrary SQL functions as the superuser...
Important: postgresql15
Issue Overview: Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...
Important: postgresql15
Issue Overview: Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...
Amazon Linux 2023 : postgresql15, postgresql15-contrib, postgresql15-llvmjit (ALAS2023-2024-702)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-702 advisory. Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : PostgreSQL vulnerability (USN-6968-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6968-1 advisory. Noah Misch discovered that PostgreSQL incorrectly handled certain SQL objects. An attacker could possibly use this issue to execute...
OESA-2024-1977 postgresql security update
PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs, including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...
PostgreSQL relation replacement during pg_dump executes arbitrary SQL
...
[SECURITY] Fedora 39 Update: roundcubemail-1.6.8-1.fc39
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
ROS-20240815-11
A vulnerability in the pgjdbc JDBC driver, which connects Java programs to PostgreSQL databases, is related to the creation of arbitrary files. Exploitation of the vulnerability could allow an attacker acting remotely to compromise the integrity and confidentiality of the system. remotely to affect the...
PostgreSQL 12.x < 12.20 / 13.x < 13.16 / 14.x < 14.13 / 15.x < 15.8 / 16.x < 16.4 SQL Injection
The version of PostgreSQL installed on the remote host is 12 prior to 12.20, 13 prior to 13.16, 14 prior to 14.13, 15 prior to 15.8, or 16 prior to 16.4. As such, it is potentially affected by a vulnerability: Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an...
CVE-2024-7348 affecting package postgresql for versions less than 16.4-1
CVE-2024-7348 affecting package postgresql for versions less than 16.4-1. An upgraded version of the package is available that resolves this issue...
Debian: Security Advisory (DSA-5745-1)
The remote host is missing an update for the Debian...
The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary SQL code.
The vulnerability of the pg_dump utility in the PostgreSQL database management system is related to a null pointer dereference due to concurrent access to resources (race condition). Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code under the name of the...