558 matches found
Information Disclosure
PostgreSQL is vulnerable to Information Disclosure. The vulnerability exists because a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption, where a libpq caller makes that message accessible to the attacker...
A vulnerability in the PostgreSQL database management system, related to an uncontrolled search path element, allows an attacker to escalate their privileges and execute arbitrary commands.
A vulnerability in the PostgreSQL database management system is related to an uncontrolled search path element in the handling of the search_path parameter. Exploiting this vulnerability allows a malicious actor to escalate their privileges and execute arbitrary commands...
A vulnerability in the Windows installer of the PostgreSQL database management system allows an attacker to escalate their privileges and execute arbitrary code.
A vulnerability in the Windows installer of the PostgreSQL database management system is related to incorrect handling of the search path. Exploiting this vulnerability can allow an attacker to escalate their privileges and execute arbitrary code...
Medium: postgresql96
Issue Overview: When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and...
Security Bulletin: IBM Security Guardium is affected by a PostgreSQL vulnerability (CVE-2022-1552)
Summary: IBM Security Guardium has fixed this vulnerability. Vulnerability Details: CVEID: CVE-2022-1552. DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to bypass security restrictions, caused by protection being activated too late or not at all by the Autovacuum, REINDEX, CREATE INDEX,...
Ubuntu 16.04 ESM : PostgreSQL vulnerability (USN-5676-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5676-1 advisory. Alexander Lakhin discovered that PostgreSQL incorrectly handled the security restricted operation sandbox when a privileged user is maintaining another user's...
ROS-20221013-04
A vulnerability in the PostgreSQL database management system is related to errors when using OR commands with extensions. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges and replace arbitrary objects in the database...
ROS-20221013-06
A vulnerability in the PostgreSQL database management system is related to errors when using OR commands with extensions. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges and replace arbitrary objects in the database...
ROS-20221013-05
A vulnerability in the PostgreSQL database management system is related to errors when using OR commands with extensions. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges and replace arbitrary objects in the database...
CVE-2022-34434
Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to th...
SUSE SLED15: postgresql12 / postgresql12-contrib / postgresql12-devel / etc (SUSE-SU-2022:2988-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2988-1 advisory. - Update to 12.12: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not...
PostgreSQL 10.x < 10.22 / 11.x < 11.17 / 12.x < 12.12 / 13.x < 13.8 / 14.x < 14.5 Vulnerability
The version of PostgreSQL installed on the remote host is 10 prior to 10.22, 11 prior to 11.17, 12 prior to 12.12, 13 prior to 13.8, or 14 prior to 14.5. As such, it is potentially affected by a vulnerability: - A vulnerability exists in PostgreSQL. On this security issue an attack requires...
DEBIAN-CVE-2022-2625
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...
A vulnerability in the PostgreSQL database management system, related to errors when using OR commands with extensions, allows an attacker to escalate their privileges and replace arbitrary objects in the database.
A vulnerability in the PostgreSQL database management system is related to errors that occur when using OR commands with extensions. Exploiting this vulnerability allows a malicious actor to escalate their privileges and replace arbitrary objects in the database...
SUSE SLED15 / SLES15 Security Update : postgresql14 (SUSE-SU-2022:1908-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1908-1 advisory. - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is...
postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or no...
PT-2022-2514 · Unknown +11 · Postgresql +10
Name of the Vulnerable Software and Affected Versions: PostgreSQL (affected versions not specified). Description: A flaw was found in PostgreSQL related to incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRES...
Exploit for OS Command Injection in Postgresql
CVE-2019-9193 - PostgreSQL 9.3-12.3 Authenticated Remote Code...
MGASA-2022-0056 Updated php-adodb packages fix security vulnerability
Security hotfix release addressing a critical vulnerability in PostgreSQL connections (CVE-2021-3850). Additional fixes: Fix usage of getmagic functions (619, 657); Fix PHP warning in rs2rs function (679); pdo: Fix Fatal error in query (666); pdo: Fix undefined variable (678); pgsql: Fix Fatal error in close...
Vulnerabilities fixed in IBM Spectrum Protect Plus
IBM has fixed vulnerabilities in Spectrum Protect Plus. The vulnerabilities, which include those in the Node.js and PostgreSQL components of the product, allow a malicious party to perform attacks that result in the following categories of damage: Cross-Site Scripting (XSS). Manipulation of data...