Threat Intelligence Database

Multiple security vulnerabilities have been identified in PostgreSQL as used in Red Hat Enterprise Linux 9. These include issues where SET ROLE and SET SESSION AUTHORIZATION reset to the wrong user ID (CVE-2024-10978), PL/Perl environment variable changes can lead to arbitrary code execution (CVE-2024-10979), and row security mechanisms such as subqueries disregard user ID changes (CVE-2024-10976). Red Hat has issued an important security advisory with updates addressing these vulnerabilities. The advisory covers various Red Hat Enterprise Linux 9 variants and related packages.

A security vulnerability (CVE-2024-10979) in PostgreSQL's PL/Perl environment allows environment variable changes to execute arbitrary code. This issue affects PostgreSQL as packaged for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat has released a security update to address this vulnerability.

A vulnerability in PostgreSQL allows a non-owner user to execute arbitrary SQL commands using the 'REFRESH MATERIALIZED VIEW CONCURRENTLY' statement. This issue is tracked as CVE-2024-0985 and affects Red Hat Enterprise Linux 9.2 Extended Update Support versions. Red Hat has released a security update to address this vulnerability. The update will automatically restart the PostgreSQL service upon installation.

A security vulnerability (CVE-2024-7348) affects PostgreSQL in Red Hat Enterprise Linux 7 Extended Lifecycle Support. The issue involves PostgreSQL's relation replacement during the pg_dump utility executing arbitrary SQL. Red Hat has issued an important security advisory with an update to address this vulnerability. The advisory specifically targets PostgreSQL version 9.2.24-9.el7_9.1 for various architectures. No CVSS score is provided, but the severity is rated as important by Red Hat and high in the source data.

Red Hat has issued a security advisory for PostgreSQL addressing multiple vulnerabilities that allow arbitrary code execution during restore operations. The advisory covers CVE-2025-8713, CVE-2025-8714, and CVE-2025-8715, which affect PostgreSQL in Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. The vulnerabilities are rated as important by Red Hat and have a high severity classification. A security update is available that fixes these issues in PostgreSQL version 13.22-1.el9_2. Users of affected Red Hat Enterprise Linux 9.2 variants should apply the update promptly to mitigate the risk.

Red Hat has issued a security advisory for PostgreSQL addressing multiple vulnerabilities that allow code execution during restore operations. These vulnerabilities, identified as CVE-2025-8713, CVE-2025-8714, and CVE-2025-8715, affect PostgreSQL packages in Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. The advisory rates the impact as important and provides updated packages to remediate the issues.

PostgreSQL is an advanced object-relational database management system (DBMS). Security Fix(es): * postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715) * postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat has issued a security advisory for PostgreSQL 15 addressing multiple vulnerabilities that allow code execution during the restore operation. These include CVE-2025-8713, CVE-2025-8714, and CVE-2025-8715. The advisory rates the update as important and provides updated packages for Red Hat Enterprise Linux 9.4 Extended Update Support. The vulnerabilities could allow an attacker to execute arbitrary code during database restore processes. No CVSS scores are provided in the advisory. The update is available and should be applied to affected systems.

Two security vulnerabilities (CVE-2025-8714 and CVE-2025-8715) affect PostgreSQL 12 on Red Hat Enterprise Linux 8.4, allowing arbitrary code execution during the restore operation. Red Hat has issued an important security advisory with updates to address these issues. The vulnerabilities relate to code execution risks in the database restore process. A security update for the postgresql:12 module is available to remediate these flaws.

Two security vulnerabilities (CVE-2025-8714 and CVE-2025-8715) affect PostgreSQL 12 on Red Hat Enterprise Linux 8.2 AUS. Both vulnerabilities involve code execution during the restore operation of PostgreSQL. Red Hat has issued an important security advisory with updated packages to address these issues. The advisory provides instructions for applying the update. No CVSS score is provided, but the severity is rated as high by the source.