132 matches found
SUSE SLES12: postgresql15 / postgresql15-contrib / postgresql15-devel / etc (SUSE-SU-2025:03004-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03004-1 advisory. Upgrade to 15.14: - CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table bsc1248120. -...
SUSE-SU-2025:03003-1 Security update for postgresql13
This update for postgresql13 fixes the following issues: Upgrade to 13.22: - CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table bsc1248120. - CVE-2025-8714: untrusted data inclusion in pgdump lets superuser of origin server execute arbitrary code ...
SUSE-SU-2025:02994-1 Security update for postgresql13
This update for postgresql13 fixes the following issues: Upgrade to 13.22: - CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table bsc1248120. - CVE-2025-8714: untrusted data inclusion in pgdump lets superuser of origin server execute arbitrary code ...
SUSE SLED15: libecpg6 / libecpg6-32bit / libpq5 / libpq5-32bit / postgresql17 / etc (SUSE-SU-2025:02986-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02986-1 advisory. Updated to 17.6: CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view,...
Security update for postgresql17
This update for postgresql17 fixes the following issues: Updated to 17.6: CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table bsc1248120 CVE-2025-8714: Fixed untrusted data inclusion in pgdump allows superuser of origin server to execute...
SUSE-SU-2025:02986-1 Security update for postgresql17
This update for postgresql17 fixes the following issues: Updated to 17.6: CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table bsc1248120 CVE-2025-8714: Fixed untrusted data inclusion in pgdump allows superuser of origin server to execute...
SUSE SLES15: postgresql16 / postgresql16-contrib / postgresql16-devel / etc (SUSE-SU-2025:02981-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02981-1 advisory. Upgraded to 16.10: CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table...
SUSE-SU-2025:02980-1 Security update for postgresql16
This update for postgresql16 fixes the following issues: Upgraded to 16.10: CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table bsc1248120 CVE-2025-8714: Fixed untrusted data inclusion in pgdump allows superuser of origin server to execute...
Linux Distros Unpatched Vulnerability : CVE-2020-25696
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.2...
CVE-2025-55283 aiven-db-migrate allows Privilege Escalation through use of psql during migration
aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows elevation to superuser inside PostgreSQL databases during a migration from an untrusted source server. The vulnerability stems from psql executing commands embedded in a...
CVE-2025-55283 aiven-db-migrate allows Privilege Escalation through use of psql during migration
aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows elevation to superuser inside PostgreSQL databases during a migration from an untrusted source server. The vulnerability stems from psql executing commands embedded in a...
SUSE CVE-2025-8715
Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks...
ALPINE-CVE-2025-8715
Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks...
DEBIAN-CVE-2025-8714
Untrusted data inclusion in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pgdumpall is also affected. pgrestore is affected...
CRLF Injection
Overview Affected versions of this package are vulnerable to CRLF Injection in the restore process via psql meta-commands inside a purpose-crafted object name. An attacker can execute arbitrary code by injecting meta commands into the file, which can be executed by an unknowing user during the...
CRLF Injection
Overview Affected versions of this package are vulnerable to CRLF Injection in the restore process via psql meta-commands inside a purpose-crafted object name. An attacker can execute arbitrary code by injecting meta commands into the file, which can be executed by an unknowing user during the...
Inclusion of Functionality from Untrusted Control Sphere
Overview Affected versions of this package are vulnerable to Inclusion of Functionality from Untrusted Control Sphere when restoring from a plain-text dump file. An attacker can embed malicious psql meta-commands into dump files generated by pgdump --format=plain, pgdumpall, or pgrestore --file...
CVE-2025-8714 PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client
Untrusted data inclusion in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pgdumpall is also affected. pgrestore is affected...
CVE-2025-8714
Untrusted data inclusion in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pgdumpall is also affected. pgrestore is affected...
CVE-2022-40756
If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 v15.11.005, Patch Update 4 for Zen 15 v15.01.017, or Patch Update 5 for Zen 14 SP2 v14.21.022, it can allow an attacker with file read/write access to remove specific security files in order to reset the...