47 matches found
Astra Linux - уязвимость в postgresql-11
Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for execution during dump restoration, through the client operating system account running psql, using psql meta-commands within a specially crafted object name. The same attack...
K000160172: PostgreSQL vulnerability CVE-2025-8714
Security Advisory Description Untrusted data inclusion in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pgdumpall is also...
CVE-2026-27965
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-005334)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005334 advisory. Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client...
CLSA-2025-1764773940 postgresql: Fix of CVE-2025-8714
CVE-2025-8714: Restrict restore-time code execution...
TencentOS Server 3: postgresql:12 (TSSA-2025:0817)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0817 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
TencentOS Server 3: postgresql:13 (TSSA-2025:0780)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0780 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Medium: postgresql
Issue Overview: Untrusted data inclusion in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pgdumpall is also affected...
Unity Linux 20.1070e Security Update: libpq (UTSA-2025-987407)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987407 advisory. Untrusted data inclusion in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client...
Unity Linux 20.1070e Security Update: libpq (UTSA-2025-987404)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987404 advisory. Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client...
EUVD-2025-24810
Malicious code in bioql PyPI...
EUVD-2025-24809
Malicious code in bioql PyPI...
Amazon Linux 2023 : postgresql16, postgresql16-contrib, postgresql16-llvmjit (ALAS2023-2025-1177)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1177 advisory. PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy...
OESA-2025-2240 libpq security update
PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...
OESA-2025-2239 postgresql security update
PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...
Important: postgresql17
Issue Overview: PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available ...
Amazon Linux 2023 : postgresql17, postgresql17-contrib, postgresql17-llvmjit (ALAS2023-2025-1158)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1158 advisory. PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy...
Important: postgresql15
Issue Overview: PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available ...
OESA-2025-2139 libpq security update
PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...
OESA-2025-2138 libpq security update
PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...