13408 matches found

Tenable Nessus
added 2024/05/23 12:0 a.m. | 40 views

PostgreSQL 14.x < 14.12 / 15.x < 15.7 / 16.x < 16.3 Missing Authorization Check

The version of PostgreSQL installed on the remote host is 14 prior to 14.12, 15 prior to 15.7, or 16 prior to 16.3. As such, it is potentially affected by a vulnerability: - Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to...

4.3 CVSS | 6.6 AI score | 0.00722 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2024/05/23 12:0 a.m. | 32 views

RHEL 8 : postgresql-jdbc (RHSA-2024:3313)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3313 advisory. PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs ...

10 CVSS | 8 AI score | 0.0481 EPSS
Exploits: 0 | References: 4
ATTACKERKB
added 2024/05/22 8:15 p.m. | 0 views

CVE-2023-51637

Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. Authentication is not required to exploit this vulnerability. The specific flaw exists with...

9.8 CVSS | 6.4 AI score | 0.00965 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
AlmaLinux
added 2024/05/22 12:0 a.m. | 70 views

Moderate: python27:2.7 security update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...

9.8 CVSS | 6.9 AI score | 0.04268 EPSS
Exploits: 5 | References: 12
OpenVAS
added 2024/05/22 12:0 a.m. | 17 views

Mageia: Security Advisory (MGASA-2024-0184)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3 CVSS | 6.2 AI score | 0.00722 EPSS
Exploits: 0 | References: 4
OSV
added 2024/05/21 11:17 p.m. | 16 views

MGASA-2024-0184 Updated postgresql15 & postgresql13 packages fix security vulnerability

Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to the table owner. CVE-2024-4317...

4.3 CVSS | 6.8 AI score | 0.00722 EPSS
Exploits: 0 | References: 3
Mageia
added 2024/05/21 11:17 p.m. | 29 views

Updated postgresql15 & postgresql13 packages fix security vulnerability

Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to the table owner. CVE-2024-4317...

4.3 CVSS | 7.3 AI score | 0.00722 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2024/05/21 12:0 a.m. | 20 views

SUSE SLES12: postgresql14 / postgresql14-contrib / postgresql14-devel / etc (SUSE-SU-2024:1703-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1703-1 advisory. PostgreSQL upgrade to version 14.12 bsc1224051: - CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to t...

4.3 CVSS | 6.8 AI score | 0.00722 EPSS
Exploits: 0 | References: 5
OSV
added 2024/05/20 6:9 p.m. | 5 views

SUSE-SU-2024:1703-1 Security update for postgresql14

This update for postgresql14 fixes the following issues: PostgreSQL upgrade to version 14.12 bsc1224051: - CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to the table owner bsc1224038. Bug fixes: - Fix incompatibility with LLVM 18. - Prepare for PostgreSQL 1...

4.3 CVSS | 6.8 AI score | 0.00722 EPSS
Exploits: 0 | References: 4
The Hacker News
added 2024/05/17 5:20 p.m. | 15 views

Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking

The cryptojacking group known as Kinsing has demonstrated an ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to the exploit arsenal and expand its botnet. The findings come from cloud security firm Aqua, which...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2024/05/16 12:0 a.m. | 19 views

SUSE SLES12: postgresql15 / postgresql15-contrib / postgresql15-devel / etc (SUSE-SU-2024:1653-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1653-1 advisory. PostgreSQL upgrade to version 15.7 bsc1224051: - CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to th...

4.3 CVSS | 6.8 AI score | 0.00722 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2024/05/16 12:0 a.m. | 25 views

SUSE SLES12: libecpg6 / libecpg6-32bit / libpq5 / libpq5-32bit / postgresql16 / etc (SUSE-SU-2024:1651-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1651-1 advisory. PostgreSQL upgrade to version 16.3 bsc1224051: - CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to th...

4.3 CVSS | 6.8 AI score | 0.00722 EPSS
Exploits: 0 | References: 5
Github Security Blog
added 2024/05/15 8:14 p.m. | 10 views

Doctrine SQL injection vulnerability

Doctrine is prone to SQL injection vulnerability. Users of Doctrine 1.2 and 2 should update to the newly released versions of both libraries immediately. Both versions only include the security fix and no other changes to their previous versions 1.2.3 and 2.0.2. Affected versions are: - 1.2.3 and...

8.1 AI score
Exploits: 0 | References: 3 | Affected Software: 1
IBM Security Bulletins
added 2024/05/15 5:33 p.m. | 20 views

Security Bulletin: IBM Security Guardium is vulnerable to sensitive information disclosure (CVE-2023-5868)

Summary IBM Security Guardium has addressed this vulnerability with updates. Vulnerability Details CVEID:CVE-2023-5868 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when perform certain aggregate function calls. By sending a...

4.3 CVSS | 6.5 AI score | 0.02775 EPSS
Exploits: 0 | Affected Software: 1
OSV
added 2024/05/15 7:18 a.m. | 4 views

SUSE-SU-2024:1653-1 Security update for postgresql15

This update for postgresql15 fixes the following issues: PostgreSQL upgrade to version 15.7 bsc1224051: - CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to the table owner bsc1224038. Bug fixes: - Fix incompatibility with LLVM 18. - Prepare for PostgreSQL 17...

4.3 CVSS | 4.7 AI score | 0.00722 EPSS
Exploits: 0 | References: 4
OSV
added 2024/05/15 7:18 a.m. | 6 views

SUSE-SU-2024:1652-1 Security update for postgresql16

This update for postgresql16 fixes the following issues: PostgreSQL upgrade to version 16.3 bsc1224051: - CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to the table owner bsc1224038. Bug fixes: - Fix incompatibility with LLVM 18. - Prepare for PostgreSQL 17...

4.3 CVSS | 4.7 AI score | 0.00722 EPSS
Exploits: 0 | References: 4
OSV
added 2024/05/15 7:17 a.m. | 10 views

SUSE-SU-2024:1651-1 Security update for postgresql16

This update for postgresql16 fixes the following issues: PostgreSQL upgrade to version 16.3 bsc1224051: - CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to the table owner bsc1224038. Bug fixes: - Fix incompatibility with LLVM 18. - Prepare for PostgreSQL 17...

4.3 CVSS | 4.7 AI score | 0.00722 EPSS
Exploits: 0 | References: 4
OpenVAS
added 2024/05/15 12:0 a.m. | 17 views

SUSE: Security Advisory (SUSE-SU-2024:1651-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3 CVSS | 6.5 AI score | 0.00722 EPSS
Exploits: 0 | References: 6
Chainguard
added 2024/05/14 3:43 p.m. | 4 views

CVE-2024-4317 vulnerabilities

Vulnerabilities for packages: postgresql...

4.3 CVSS | 7 AI score | 0.00722 EPSS
Exploits: 0
OSV
added 2024/05/14 3:43 p.m. | 6 views

AZL-40654 CVE-2024-4317 affecting package postgresql for versions less than 16.3-1

Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwi...

4.3 CVSS | 7 AI score | 0.00722 EPSS
Exploits: 0 | References: 1