Extension script @substitutions@ within quoting allow SQL injection. (CVE-2023-39417) MERGE fails to enforce UPDATE or SELECT row security policies. (CVE-2023-39418)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchpostgresql11< 11.21-1postgresql11-11.21-1.mga8
Mageia8noarchpostgresql13< 13.12-1postgresql13-13.12-1.mga8
Mageia9noarchpostgresql13< 13.12-1postgresql13-13.12-1.mga9
Mageia9noarchpostgresql15< 15.4-1postgresql15-15.4-1.mga9

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	postgresql11	< 11.21-1	postgresql11-11.21-1.mga8
Mageia	8	noarch	postgresql13	< 13.12-1	postgresql13-13.12-1.mga8
Mageia	9	noarch	postgresql13	< 13.12-1	postgresql13-13.12-1.mga9
Mageia	9	noarch	postgresql15	< 15.4-1	postgresql15-15.4-1.mga9

References

bugs.mageia.org/show_bug.cgi?id=32238

www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/

ubuntu 2

nessus 61

openvas 20

osv 17

cloudfoundry 1

cvelist 2

redhatcve 2

ubuntucve 2

prion 2

ibm 9

oraclelinux 5

redhat 21

almalinux 5

debiancve 2

alpinelinux 2

nvd 2

kaspersky 2

cve 2

freebsd 2

veracode 2

broadcom 1

debian 3

rocky 3

redos 4

cbl_mariner 1

rosalinux 1

photon 2

hp 1

ics 1

ubuntu

PostgreSQL vulnerabilities

2023-08-17 00:00:00

PostgreSQL vulnerability

2023-09-13 00:00:00

nessus

SUSE SLES12 Security Update : postgresql15 (SUSE-SU-2023:3342-1)

2023-08-18 00:00:00

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : PostgreSQL vulnerabilities (USN-6296-1)

2023-08-17 00:00:00

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql15 (SUSE-SU-2023:3347-1)

2023-08-18 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2023:3342-1)

2023-08-18 00:00:00

Ubuntu: Security Advisory (USN-6296-1)

2023-08-18 00:00:00

openSUSE: Security Advisory for postgresql15 (SUSE-SU-2023:3347-1)

2024-03-04 00:00:00

osv

postgresql-12, postgresql-14, postgresql-15 vulnerabilities

2023-08-17 11:56:22

CVE-2023-39418

2023-08-11 13:15:09

Important: postgresql:15 security update

2023-12-20 00:00:00

cloudfoundry

USN-6296-1: PostgreSQL vulnerabilities | Cloud Foundry

2024-03-18 00:00:00

cvelist

CVE-2023-39418 Postgresql: merge fails to enforce update or select row security policies

2023-08-11 12:19:15

CVE-2023-39417 Postgresql: extension script @substitutions@ within quoting allow sql injection

2023-08-11 12:19:15

redhatcve

CVE-2023-39418

2023-08-11 06:19:28

CVE-2023-39417

2023-08-11 06:19:18

ubuntucve

CVE-2023-39418

2023-08-11 00:00:00

CVE-2023-39417

2023-08-11 00:00:00

prion

Command injection

2023-08-11 13:15:00

Sql injection

2023-08-11 13:15:00

ibm

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to security bypass due to PostgreSQL (CVE-2023-39418)

2024-02-19 08:15:50

Security Bulletin: Extension script @substitutions@ within quoting allow SQL injection in EDB PostgresSQL

2024-01-03 18:17:39

Security Bulletin: : PostgreSQL Vulnerability Affects IBM Connect:Direct Web Service (CVE-2023-39417)

2023-09-14 06:55:45

oraclelinux

postgresql:15 security update

2023-12-13 00:00:00

postgresql:15 security update

2023-12-20 00:00:00

postgresql:12 security update

2023-12-18 00:00:00

redhat

(RHSA-2023:7883) Important: postgresql:15 security update

2023-12-20 09:19:16

(RHSA-2023:7785) Important: postgresql:15 security update

2023-12-13 14:48:30

(RHSA-2023:7885) Important: postgresql:15 security update

2023-12-20 09:19:18

almalinux

Important: postgresql:15 security update

2023-12-20 00:00:00

Important: postgresql:15 security update

2023-12-13 00:00:00

Important: postgresql:12 security update

2023-12-11 00:00:00

debiancve

CVE-2023-39418

2023-08-11 13:15:09

CVE-2023-39417

2023-08-11 13:15:09

alpinelinux

CVE-2023-39418

2023-08-11 13:15:09

CVE-2023-39417

2023-08-11 13:15:09

nvd

CVE-2023-39418

2023-08-11 13:15:09

CVE-2023-39417

2023-08-11 13:15:09

kaspersky

KLA52239 RCE vulnerability in PostgreSQL

2023-08-10 00:00:00

KLA52240 RCE vulnerability in PostgreSQL

2023-08-10 00:00:00

cve

CVE-2023-39418

2023-08-11 13:15:09

CVE-2023-39417

2023-08-11 13:15:09

freebsd

postgresql-server -- MERGE fails to enforce UPDATE or SELECT row security policies

2023-08-10 00:00:00

postgresql-server -- Extension script @substitutions@ within quoting allow SQL injection

2023-08-10 00:00:00

veracode

Denial Of Service (DoS)

2023-08-16 00:26:29

SQL Injection

2023-08-16 00:26:16

broadcom

Extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)

2024-04-16 00:00:00

debian

[SECURITY] [DSA 5553-1] postgresql-15 security update

2023-11-13 21:15:25

[SECURITY] [DLA 3600-1] postgresql-11 security update

2023-10-03 21:57:11

[SECURITY] [DSA 5554-1] postgresql-13 security update

2023-11-13 21:27:39

rocky

postgresql:15 security update

2024-01-09 04:08:12

postgresql:12 security update

2024-01-09 04:07:10

postgresql:13 security update

2023-12-06 23:16:33

redos

ROS-20231009-01

2023-10-09 00:00:00

ROS-20240329-14

2024-03-29 00:00:00

ROS-20240329-12

2024-03-29 00:00:00

cbl_mariner

CVE-2023-39417 affecting package postgresql for versions less than 14.10-1

2024-01-14 22:46:30

rosalinux

Advisory ROSA-SA-2024-2359

2024-02-27 09:01:10

photon

Important Photon OS Security Update - PHSA-2023-3.0-0632

2023-08-14 00:00:00

Important Photon OS Security Update - PHSA-2023-4.0-0450

2023-08-14 00:00:00

HP Device Manager Vulnerability Update (5.0.12)

2024-01-26 00:00:00

ics

Siemens SINEC NMS

2024-02-15 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

50.6%

JSON

Related for MGASA-2023-0261