204 matches found

Tenable Nessus
added 2024/12/02 12:0 a.m. · 14 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : PostgreSQL vulnerabilities (USN-7132-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7132-1 advisory. It was discovered that PostgreSQL incorrectly tracked tables with row security. A remote attacker could possibly use this...

8.8 CVSS · 7.5 AI score · 0.04422 EPSS
Exploits 1 · References 5

Tenable Nessus
added 2024/11/20 12:0 a.m. · 24 views

PostgreSQL 12.x < 12.21 / 13.x < 13.17 / 14.x < 14.14 / 15.x < 15.9 / 16.x < 16.5 / 17.x < 17.1 Multiple Vulnerabilities

The version of PostgreSQL installed on the remote host is 12 prior to 12.21, 13 prior to 13.17, 14 prior to 14.14, 15 prior to 15.9, 16 prior to 16.5, or 17 prior to 17.1. As such, it is potentially affected by multiple vulnerabilities : - Incorrect control of environment variables in PostgreSQL...

8.8 CVSS · 7.3 AI score · 0.04422 EPSS
Exploits 1 · References 5

Tenable Nessus
added 2024/11/07 12:0 a.m. · 11 views

RHEL 9 : postgresql:16 (RHSA-2024:5929)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5929 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL pgstatsext and...

8.8 CVSS · 7.3 AI score · 0.01565 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2024/11/07 12:0 a.m. · 9 views

RHEL 8 : postgresql:16 (RHSA-2024:5927)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5927 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL pgstatsext and...

8.8 CVSS · 7.3 AI score · 0.01565 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2024/11/05 12:0 a.m. · 10 views

RHEL 6 / 7 : rh-postgresql94-postgresql (RHSA-2017:3403)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3403 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: Privilege escalation flaws were found in th...

7.2 CVSS · 7 AI score · 0.00586 EPSS
Exploits 0 · References 7

Tenable Nessus
added 2024/11/05 12:0 a.m. · 11 views

RHEL 6 / 7 : rh-postgresql95-postgresql (RHSA-2017:2677)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2677 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstre...

9.8 CVSS · 7.3 AI score · 0.61566 EPSS
Exploits 0 · References 12

Positive Technologies
added 2024/08/07 12:0 a.m. · 6 views

PT-2024-5504 · Unknown +11 · Postgresql +10

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 16.4; PostgreSQL versions prior to 15.8; PostgreSQL versions prior to 14.13; PostgreSQL versions prior to 13.16; PostgreSQL versions prior to 12.20. Description: A Time-of-check Time-of-use (TOCTOU) race condition in pg...

9 CVSS · 8.1 AI score · 0.89472 EPSS
Exploits 13 · References 273

RedHat Linux
added 2024/01/22 8:55 p.m. · 28 views

Important: Red Hat Security Advisory: RHACS 4.2 security update

Updated images are now available for Red Hat Advanced Cluster Security 4.2.4. The updated images includes security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

8.8 CVSS · 6.6 AI score · 0.04322 EPSS
Exploits 0 · References 6

IBM Security Bulletins
added 2024/01/12 4:31 p.m. · 26 views

Security Bulletin: Vulnerabilities in PostgreSQL, Golang might affect IBM Spectrum Copy Data Management

Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in PostgreSQL, and Golang Go. Vulnerabilities include causing a denial of service condition, sending a specially crafted request to launch further attacks against the affected system, and executing arbitrary code on the...

8.8 CVSS · 8.9 AI score · 0.04322 EPSS
Exploits 0 · Affected Software 1

Amazon
added 2024/01/08 12:0 a.m. · 5 views

Important: postgresql15

Issue Overview: Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have not confirm...

8.8 CVSS · 8.2 AI score · 0.04322 EPSS
Exploits 0

Tenable Nessus
added 2023/12/06 12:0 a.m. · 29 views

RHEL 8 : postgresql:12 (RHSA-2023:7666)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7666 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: schemaelement defeats protective...

8.8 CVSS · 7 AI score · 0.04322 EPSS
Exploits 0 · References 16

Tenable Nessus
added 2023/11/14 12:0 a.m. · 23 views

Debian DSA-5553-1 : postgresql-15 - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5553 advisory. Several vulnerabilities have been discovered in the PostgreSQL database system. CVE-2023-5868 Jingzhou Fu discovered a memory disclosure flaw in aggregate functio...

8.8 CVSS · 7.1 AI score · 0.04322 EPSS
Exploits 0 · References 13

Debian
added 2023/11/13 9:15 p.m. · 45 views

[SECURITY] [DSA 5553-1] postgresql-15 security update

Debian Security Advisory DSA-5553-1 https://www.debian.org/security/ Salvatore Bonaccorso November 13, 2023 https://www.debian.org/security/faq -...

8.8 CVSS · 8.8 AI score · 0.04322 EPSS
Exploits 0

NCSC
added 2023/11/10 12:0 a.m. · 2 views

Vulnerabilities fixed in PostgreSQL

Vulnerabilities have been fixed in PostgreSQL. A malicious person could exploit the vulnerabilities to gain access to system data, cause a denial-of-service, or to execute arbitrary code with application privileges. The vulnerabilities have also been fixed in PostgreSQL 11 11.22. This are, howeve...

8.8 CVSS · 9.6 AI score · 0.04322 EPSS
Exploits 0

Amazon
added 2023/09/25 12:0 a.m. · 2 views

Important: postgresql

Issue Overview: A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. CVE-2021-23222 A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the defau...

8.8 CVSS · 7.6 AI score · 0.11726 EPSS
Exploits 0

OSV
added 2023/08/17 11:56 a.m. · 2 views

USN-6296-1 postgresql-12, postgresql-14, postgresql-15 vulnerabilities

It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser. CVE-2023-39417 It was discovered that PostgreSQL incorrectly handled the MERGE...

8.8 CVSS · 7.5 AI score · 0.01572 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2023/01/23 12:0 a.m. · 31 views

RHEL 7 : rh-postgresql10-postgresql (RHSA-2020:0980)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0980 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream...

9 CVSS · 7.2 AI score · 0.03711 EPSS
Exploits 0 · References 11

Redos
added 2021/12/24 12:0 a.m. · 7 views

ROS-2-1874

2.1874 Multiple vulnerabilities in PostgreSQL CVE-2021-32027, CVE-2021-32028, CVE-2021-32029 1. Vulnerability Description: CVE-2021-32027 The vulnerability allows a remote attacker to execute arbitrary code on the target system. CVE-2021-32028, CVE-2021-32029 Vulnerability allows a remote user to...

8.8 CVSS · 8.5 AI score · 0.02046 EPSS
Exploits 0

Redos
added 2021/09/08 12:0 a.m. · 2 views

ROS-2-1972

2.1972 Multiple vulnerabilities in PostgreSQL CVE-2021-32027, CVE-2021-32028, CVE-2021-32029 1. Vulnerability Description: CVE-2021-32027 The vulnerability allows a remote attacker to execute arbitrary code on the target system. CVE-2021-32028, CVE-2021-32029 Vulnerability allows a remote user to...

8.8 CVSS · 8.5 AI score · 0.02046 EPSS
Exploits 0

Redos
added 2021/09/08 12:0 a.m. · 3 views

ROS-2-1947

2.1947 Multiple vulnerabilities in PostgreSQL CVE-2021-32027, CVE-2021-32028, CVE-2021-32029 1. Vulnerability Description: CVE-2021-32027 The vulnerability allows a remote attacker to execute arbitrary code on the target system. CVE-2021-32028, CVE-2021-32029 Vulnerability allows a remote user to...

8.8 CVSS · 8.6 AI score · 0.02046 EPSS
Exploits 0