8 matches found
JLSEC-2026-24
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the searchpath during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the...
PT-2025-20841 · Bitnami +2 · Bitnami/Postgres-Ha +3
Name of the Vulnerable Software and Affected Versions: bitnami/pgpool affected versions not specified bitnami/postgres-ha affected versions not specified Description: The bitnami/pgpool Docker image and the bitnami/postgres-ha k8s chart, under default configurations, come with a repmgr user that...
Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution
MSRC was informed by Wiz, a cloud security vendor, under Coordinated Vulnerability Disclosure CVD of an issue with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. By exploiting an elevated permissions bug in the Flexib...
Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution
MSRC was informed by Wiz, a cloud security vendor, under Coordinated Vulnerability Disclosure CVD of an issue with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. By exploiting an elevated permissions bug in the Flexib...
Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution
MSRC was informed by Wiz, a cloud security vendor, under Coordinated Vulnerability Disclosure CVD of an issue with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. By exploiting an elevated permissions bug in the Flexib...
It was found that PostgreSQL versions before 12.4 before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058 in order to execute arbitrary SQL command in the context of the user used for replication.
...
ALPINE-CVE-2020-14349
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the searchpath during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the...
UBUNTU-CVE-2020-14349
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the searchpath during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the...