Matthieu Denais

**Name of the Vulnerable Software and Affected Versions:** PostgreSQL versions prior to 17.6 PostgreSQL versions prior to 16.10 PostgreSQL versions prior to 15.14 PostgreSQL versions prior to 14.19 PostgreSQL versions prior to 13.22 **Description:** The vulnerability relates to untrusted data inclusion within the `pg dump` utility. Exploitation allows a malicious superuser of the origin server to inject arbitrary code for execution during restore operations performed by the `psql` client. This affects `pg dumpall` and `pg restore` when used to generate plain-format dumps. Approximately 3.3 million devices are estimated to be affected. The issue allows for remote code execution. **Recommendations:** Update to PostgreSQL version 17.6 or later. Update to PostgreSQL version 16.10 or later. Update to PostgreSQL version 15.14 or later. Update to PostgreSQL version 14.19 or later. Update to PostgreSQL version 13.22 or later. As a temporary workaround, use the `--no-comments` option during `pg restore` operations.

**Name of the Vulnerable Software and Affected Versions** Oracle MySQL versions 8.0.0 through 8.0.42 Oracle MySQL versions 8.4.0 through 8.4.5 Oracle MySQL versions 9.0.0 through 9.3.0 **Description** A difficult-to-exploit issue exists in the MySQL Client component (mysqldump) of Oracle MySQL. Successful attacks require human interaction from a person other than the attacker and network access via multiple protocols. Exploitation can lead to unauthorized data modification (update, insert, delete) and read access to some MySQL Client accessible data. **Recommendations** Oracle MySQL versions prior to 8.0.43 Oracle MySQL versions prior to 8.4.6 Oracle MySQL versions prior to 9.3.1