CVE-2024-7348 PostgreSQL relation replacement during pg_dump executes arbitrary SQL
A Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
CVE-2024-7348
TOCTOU race in pg_dump (CVE-2024-7348) allows the object creator to run arbitrary SQL functions as the pg_dump user (often a superuser) by replacing a relation type with a view or foreign table. The attack requires waiting for pg_dump to start; success is facilitated if an open transaction is hel...
KLA71453 ACE vulnerability in PostgreSQL
A Time-of-check Time-of-use (TOCTOU) race condition vulnerability was found in PostgreSQL. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories: PostgreSQL: CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. Related products...
PostgreSQL -- Prevent unauthorized code execution during pg_dump
PostgreSQL project reports: An attacker able to create and drop non-temporary objects could inject SQL code that would be executed by a concurrent pg_dump session with the privileges of the role running pg_dump, which is often a superuser. The attack involves replacing a sequence or similar object...
PostgreSQL security vulnerability
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL due to a competing...
FreeBSD : PostgreSQL -- Prevent unauthorized code execution during pg_dump (48e6d514-5568-11ef-af48-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 48e6d514-5568-11ef-af48-6cc21735f730 advisory. PostgreSQL project reports: An attacker able to create and drop non-temporary objects could inject SQL...
Vulnerability in core server (CVE-2024-7348)
PostgreSQL relation replacement during pg_dump executes arbitrary SQL. A Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another...
PT-2024-5504 · Unknown +11 · Postgresql +10
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 16.4; PostgreSQL versions prior to 15.8; PostgreSQL versions prior to 14.13; PostgreSQL versions prior to 13.16; PostgreSQL versions prior to 12.20. Description: A Time-of-check Time-of-use (TOCTOU) race condition in pg...
PostgreSQL: Multiple Vulnerabilities
Background: PostgreSQL is an open source object-relational database management system. Description: Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaroun...
ROS-20240807-07
A vulnerability in the implementation of the PreparedStatement.setText and PreparedStatement.setBytea methods of the PgJDBC JDBC driver (used to connect Java programs to a PostgreSQL database) is related to unsafe temporary files. Exploitation of the vulnerability could allow an attacker to disclose...
GLSA-202408-06 : PostgreSQL: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202408-06 PostgreSQL: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block...
pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE
A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value...
Important: Red Hat Security Advisory: Red Hat Integration Camel K 1.10.7 release and security update.
Red Hat Integration Camel K 1.10.7 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
ROS-20240806-21
A vulnerability in the pgjdbc JDBC driver (used to connect Java programs to a PostgreSQL database) is related to a lack of verification that a class implements the expected interface. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code through the...
Fedora: Security Advisory (FEDORA-2024-9820d9491f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-WM25-J4GW-6VR3 pREST vulnerable to jwt bypass + sql injection
Summary: Probably jwt bypass + sql injection, or what I'm doing wrong? PoC, how to reproduce: 1. Create the following files: docker-compose.yml: services: postgres: image: postgres container_name: postgrescontainermre environment: POSTGRES_USER: testuserpg POSTGRES_PASSWORD: testpasspg POSTGRES_DB: testdb...
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by PostgreSQL vulnerability.
Summary IBM Connect:Direct Web Services uses PostgreSQL Solaris 15.6 and Windows 16.2.1 and is vulnerable to CVE-2024-4317. Vulnerability Details CVEID:CVE-2024-4317 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by missing authorizatio...
Malicious code in postgresql-connector-python (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 87f55ac62324b5fc631b711e125f897d8ae10d06a9d80173463d9a5fa1915302 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...