97 matches found
EUVD-2024-33374
Malicious code in bioql PyPI...
TencentOS Server 3: postgresql:10 (TSSA-2023:0199)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0199 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Alibaba Cloud Linux 3 : 0109: postgresql:13 (ALINUX3-SA-2023:0109)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0109 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-2454: schemaelement defeats...
Advisory ROSA-SA-2025-2743
Software: postgresql14 14.13 OS: ROSA Virtualization 3.0 packageevrstring: postgresql14-14.13-2PGDG.0.1.rv30 CVE-ID: CVE-2023-2454 BDU-ID: 2023-03247 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Schema Handler component of the PostgreSQL database management system is related to access...
Oracle Linux 8 : postgresql:16 (ELSA-2024-10831)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-10831 advisory. - Fixes: CVE-2024-10976 CVE-2024-10978 CVE-2024-10979 - Fix CVE-2024-7348 - Fixes: CVE-2023-2454 CVE-2023-2455 Tenable has extracted the preceding...
BIT-POSTGRESQL-2024-10976 PostgreSQL row security below e.g. subqueries disregards user ID changes
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
CVE-2024-10976
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
CVE-2023-2455
creationtimestamp| type| source ---|---|--- 2024-11-14 13:05:04+00:00| seen| https://infosec.exchange/users/cve/statuses/113481449755283145 2024-11-14 14:59:09+00:00| seen| https://t.me/cvedetector/10948 2025-02-14 10:03:10+00:00| seen| Telegram/T7bmhZyyY3q44NdwHtBlh0uklY8nk4hbekeMxCZgwv81B...
PostgreSQL -- PostgreSQL row security below e.g. subqueries disregards user ID changes
PostgreSQL project reports: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery...
Advisory ROSA-SA-2024-2486
Software: postgresql15 15.7 OS: rosa-server79 packageevrstring: postgresql15-15.7-1PGDG.res7 CVE-ID: CVE-2023-39418 BDU-ID: 2023-04768 CVE-Crit: LOW CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to access delimitation flaws. Exploitation of the vulnerability...
Advisory ROSA-SA-2024-2485
Software: postgresql14 14.12 OS: rosa-server79 packageevrstring: postgresql14-14.12-1PGDG.res7 CVE-ID: CVE-2022-41862 BDU-ID: 2023-02003 CVE-Crit: LOW CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to information disclosure. Exploitation of the vulnerability...
Oracle Linux 9 : postgresql:15 (ELSA-2024-6020)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6020 advisory. - Fix CVE-2024-0985 - Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, CVE-2023-39417, and CVE-2023-39418 - Fixes CVE-2023-2454 and CVE-2023-2455...
CBL Mariner 2.0 Security Update: postgresql (CVE-2023-2455)
The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-2455 advisory. - Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policie...
Important: postgresql
Issue Overview: This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users. CVE-2023-2454 While CVE-2016-2193 fixed most interaction between row...
Important: Red Hat Security Advisory: rh-postgresql13-postgresql security update
An update for rh-postgresql13-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: postgresql:13 security update
An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated...
Important: Red Hat Security Advisory: postgresql:12 security update
An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated...
RHEL 8 : postgresql:13 (RHSA-2023:7695)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7695 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective...
Important: Red Hat Security Advisory: postgresql:12 security update
An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...
Important: Red Hat Security Advisory: postgresql:13 security update
An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...