
86 matches found

Tenable Nessus
added 2024/01/26 12:0 a.m., 20 views

RHEL 8 : postgresql:12 (RHSA-2023:7656)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7656 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: Buffer overrun from integer overflo...

8.8 CVSS, 7 AI score, 0.02718 EPSS
Exploits 0, References 10

Tenable Nessus
added 2024/01/09 12:0 a.m., 27 views

CentOS 8 : postgresql:12 (CESA-2023:7714)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:7714 advisory. - IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quotin...

8.8 CVSS, 7.6 AI score, 0.02718 EPSS
Exploits 0, References 5

Tenable Nessus
added 2024/01/09 12:0 a.m., 21 views

Rocky Linux 8 : postgresql:12 (RLSA-2023:7714)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7714 advisory. - IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting...

8.8 CVSS, 7.6 AI score, 0.02718 EPSS
Exploits 0, References 9

RedHat Linux
added 2023/12/11 9:59 a.m., 39 views

Important: Red Hat Security Advisory: postgresql:12 security update

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

8.8 CVSS, 6.8 AI score, 0.02718 EPSS
Exploits 0, References 5

Wolfi
added 2023/12/10 6:15 p.m., 280 views

CVE-2023-5868 vulnerabilities

Vulnerabilities for packages: postgresql...

4.3 CVSS, 7.5 AI score, 0.02718 EPSS
Exploits 0

Chainguard
added 2023/12/10 6:15 p.m., 66 views

CVE-2023-5869 vulnerabilities

Vulnerabilities for packages: postgresql...

8.8 CVSS, 7.4 AI score, 0.01608 EPSS
Exploits 0

Tenable Nessus
added 2023/11/15 12:0 a.m., 49 views

PostgreSQL 11.x < 11.22 / 12.x < 12.17 / 13.x < 13.13 / 14.x < 14.10 / 15.x < 15.5 / 16.x < 16.1 Multiple Vulnerabilities

The version of PostgreSQL installed on the remote host is 11 prior to 11.22, 12 prior to 12.17, 13 prior to 13.13, 14 prior to 14.10, 15 prior to 15.5, or 16 prior to 16.1. As such, it is potentially affected by multiple vulnerabilities: - Missing overflow checks let authenticated database users...

8.8 CVSS, 7.3 AI score, 0.02718 EPSS
Exploits 0, References 4

Tenable Nessus
added 2023/11/06 12:0 a.m., 18 views

Rocky Linux 8 : postgresql:12 (RLSA-2022:4807)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4807 advisory. - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The...

8.8 CVSS, 7.7 AI score, 0.02263 EPSS
Exploits 0, References 3

Tenable Nessus
added 2023/11/06 12:0 a.m., 36 views

Rocky Linux 8 : postgresql:12 (RLSA-2021:5235)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:5235 advisory. - When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker ca...

8.1 CVSS, 7.3 AI score, 0.00284 EPSS
Exploits 0, References 5

OpenVAS
added 2023/08/18 12:0 a.m., 21 views

Ubuntu: Security Advisory (USN-6296-1)

The remote host is missing an update for the...

8.8 CVSS, 6.8 AI score, 0.00665 EPSS
Exploits 0, References 2

Ubuntu
added 2023/05/24 2:16 p.m., 70 views

USN-6104-1: PostgreSQL vulnerabilities

Alexander Lakhin discovered that PostgreSQL incorrectly handled certain CREATE privileges. An authenticated user could possibly use this issue to execute arbitrary code as the bootstrap supervisor. (CVE-2023-2454) Wolfgang Walther discovered that PostgreSQL incorrectly handled certain row security...

7.2 CVSS, 6.9 AI score, 0.00276 EPSS
Exploits 0

Cvelist
added 2023/02/04 8:40 p.m., 13 views

CVE-2022-45786 Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection

There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition t...

8.6 AI score, 0.00511 EPSS
Exploits 0, References 1

CVE
added 2023/02/04 8:40 p.m., 78 views

CVE-2022-45786

CVE-2022-45786 documents a SQL injection in Apache AGE when using the Golang and Python drivers with PostgreSQL 11/12 (up to AGE 1.1.0). Root cause: the cypher() placeholder could not be parameterized, and driver parameterization was insufficient, enabling injections. Mitigation: upgrade the Gola...

8.1 CVSS, 8.3 AI score, 0.00511 EPSS
Exploits 0, References 1, Affected Software 1

Tenable Nessus
added 2022/11/17 12:0 a.m., 18 views

Rocky Linux 8 : postgresql:12 (RLSA-2022:7128)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7128 advisory. - A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait fo...

8 CVSS, 7.2 AI score, 0.00973 EPSS
Exploits 0, References 3

Tenable Nessus
added 2022/10/27 12:0 a.m., 73 views

Oracle Linux 8 : postgresql:12 (ELSA-2022-7128)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7128 advisory. postgresql 12.12-1 - Resolves: 2131177 - Update to version 12.12 Tenable has extracted the preceding description block directly from the Oracle Linux security...

8 CVSS, 7 AI score, 0.00973 EPSS
Exploits 0, References 2

Tenable Nessus
added 2022/10/26 12:0 a.m., 21 views

RHEL 8 : postgresql:12 (RHSA-2022:7128)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7128 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: Extension scripts replace objects not...

8 CVSS, 7.1 AI score, 0.00973 EPSS
Exploits 0, References 5

Tenable Nessus
added 2022/10/25 12:0 a.m., 30 views

AlmaLinux 8 : postgresql:12 (ALSA-2022:7128)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7128 advisory. postgresql: Extension scripts replace objects not belonging to the extension. (CVE-2022-2625) Tenable has extracted the preceding description block directly from the...

8 CVSS, 7 AI score, 0.00973 EPSS
Exploits 0, References 2

OSV
added 2022/09/01 12:22 p.m., 8 views

SUSE-SU-2022:2988-1 Security update for postgresql12

This update for postgresql12 fixes the following issues: - Update to 12.12: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368)...

8 CVSS, 8 AI score, 0.00973 EPSS
Exploits 0, References 4

Tenable Nessus
added 2022/06/06 12:0 a.m., 32 views

AlmaLinux 8 : postgresql:12 (ALSA-2022:4807)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:4807 advisory. postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552) Tenable has extracted the preceding description block directly...

8.8 CVSS, 7.2 AI score, 0.02263 EPSS
Exploits 0, References 2

Tenable Nessus
added 2022/06/04 12:0 a.m., 38 views

RHEL 8 : postgresql:12 (RHSA-2022:4893)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4893 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream version:...

8.8 CVSS, 7.2 AI score, 0.02263 EPSS
Exploits 0, References 4