VYPR

rpm package

suse/postgresql15&distro=SUSE Linux Enterprise Module for Package Hub 15 SP3

pkg:rpm/suse/postgresql15&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3

Vulnerabilities (3)

  • CVE-2025-8715HigAug 14, 2025
    affected < 15.14-150200.5.44.1fixed 15.14-150200.5.44.1

    Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name

  • CVE-2025-8714HigAug 14, 2025
    affected < 15.14-150200.5.44.1fixed 15.14-150200.5.44.1

    Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected.

  • CVE-2025-8713LowAug 14, 2025
    affected < 15.14-150200.5.44.1fixed 15.14-150200.5.44.1

    PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data availab