
558 matches found

Tenable Nessus
added 2024/02/28 12:0 a.m. | 18 views

Oracle Linux 8 : postgresql:12 (ELSA-2024-0974)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0974 advisory. pgaudit 1.4.0-7 - Release bump to avoid regression in nvrs - Resolves: RHEL-24969 pgrepack postgres-decoderbufs postgresql 12.18-1.0.1 - Update to version 12.18...

CVSS 8 | AI score 7.3 | EPSS 0.01465
Exploits 0 | References 2

RedHat Linux
added 2024/02/26 2:33 a.m. | 3 views

postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL

A flaw was found in PostgreSQL. A late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL can allow an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling a safe refre...

CVSS 8 | AI score 7.5 | EPSS 0.01465
Exploits 0 | References 4

OSV
added 2024/02/19 5:35 p.m. | 3 views

MGASA-2024-0043 Updated postgresql15 and postgresql13 packages fix a security vulnerability

The updated packages fix a security vulnerability: PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL. CVE-2024-0985...

CVSS 8 | AI score 7.8 | EPSS 0.01465
Exploits 0 | References 3

Tenable Nessus
added 2024/02/17 12:0 a.m. | 11 views

SUSE SLES15: postgresql12 / postgresql12-contrib / postgresql12-devel / etc (SUSE-SU-2024:0523-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0523-1 advisory. Upgrade to 12.18: - CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY bsc1219679...

CVSS 8 | AI score 7.2 | EPSS 0.01465
Exploits 0 | References 4

Tenable Nessus
added 2024/02/15 12:0 a.m. | 51 views

Debian dsa-5622 : libecpg-compat3 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5622 advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5622-1...

CVSS 8 | AI score 7.5 | EPSS 0.01465
Exploits 0 | References 4

OSV
added 2024/02/08 6:15 p.m. | 4 views

CVE-2024-24213

Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pgmeta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically,...

CVSS 9.8 | AI score 9.8 | EPSS 0.00786
Exploits 0 | References 5

OSV
added 2024/02/08 1:15 p.m. | 6 views

AZL-34279 CVE-2024-0985 affecting package postgresql for versions less than 14.11-1

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...

CVSS 8 | AI score 7.5 | EPSS 0.01465
Exploits 0 | References 1

Vulnrichment
added 2024/02/08 1:0 p.m. | 8 views

CVE-2024-0985 PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...

CVSS 8 | AI score 8.6 | EPSS 0.01465
Exploits 0 | References 3

CNNVD
added 2024/02/08 12:0 a.m. | 2 views

PostgreSQL Security Vulnerabilities

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL. An attacker can exploi...

CVSS 8 | AI score 7.8 | EPSS 0.01465
Exploits 0 | References 5

OSV
added 2024/01/09 10:29 a.m. | 2 views

USN-6570-1 postgresql-9.5 vulnerabilities

Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying certain SQL array values. A remote attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. CVE-2023-5869 Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL...

CVSS 8.8 | AI score 7.4 | EPSS 0.04322
Exploits 0 | References 3

RedHat Linux
added 2023/12/20 9:45 a.m. | 6 views

postgresql: Buffer overrun from integer overflow in array modification

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing...

CVSS 8.8 | AI score 7.9 | EPSS 0.04322
Exploits 0 | References 6

Tenable Nessus
added 2023/12/15 12:0 a.m. | 21 views

Oracle Linux 9 : postgresql:15 (ELSA-2023-7785)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7785 advisory. pgaudit pgrepack postgres-decoderbufs postgresql 15.5-1 - update to 15.5 - Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, CVE-2023-39417, and...

CVSS 8.8 | AI score 6.6 | EPSS 0.04322
Exploits 0 | References 6

RedHat Linux
added 2023/12/13 2:37 p.m. | 2 views

postgresql: Buffer overrun from integer overflow in array modification

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing...

CVSS 8.8 | AI score 7.9 | EPSS 0.04322
Exploits 0 | References 6

RedHat Linux
added 2023/12/13 8:6 a.m. | 1 views

postgresql: Memory disclosure in aggregate function calls

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

CVSS 4.3 | AI score 7.4 | EPSS 0.02775
Exploits 0 | References 6

OSV
added 2023/12/10 6:15 p.m. | 6 views

AZL-32106 CVE-2023-5868 affecting package postgresql for versions less than 14.10-1

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

CVSS 4.3 | AI score 7.1 | EPSS 0.02775
Exploits 0 | References 1

OSV
added 2023/12/10 6:15 p.m. | 2 views

ALPINE-CVE-2023-5870

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...

CVSS 4.4 | AI score 6.2 | EPSS 0.02555
Exploits 0 | References 1

OSV
added 2023/12/10 6:15 p.m. | 0 views

ALPINE-CVE-2023-5868

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

CVSS 4.3 | AI score 6.3 | EPSS 0.02775
Exploits 0 | References 1

RedHat Linux
added 2023/12/06 9:55 a.m. | 1 views

postgresql: Buffer overrun from integer overflow in array modification

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing...

CVSS 8.8 | AI score 7.9 | EPSS 0.04322
Exploits 0 | References 6

RedHat Linux
added 2023/12/06 9:55 a.m. | 1 views

postgresql: Memory disclosure in aggregate function calls

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

CVSS 4.3 | AI score 7.4 | EPSS 0.02775
Exploits 0 | References 6

RedHat Linux
added 2023/11/29 2:20 p.m. | 2 views

postgresql: Buffer overrun from integer overflow in array modification

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing...

CVSS 8.8 | AI score 7.9 | EPSS 0.04322
Exploits 0 | References 6