86 matches found
RockyLinux 8 : postgresql:15 (RLSA-2023:7884)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7884 advisory. postgresql: Buffer overrun from integer overflow in array modification CVE-2023-5869 postgresql: Memory disclosure in aggregate function calls...
MiracleLinux 8 : postgresql:10 (AXSA:2023-6326:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6326:01 advisory. postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after...
EUVD-2019-2172
Malware in sbrugna...
EUVD-2023-33940
Malicious code in bioql PyPI...
EUVD-2025-24811
Malicious code in bioql PyPI...
EUVD-2023-43142
Malicious code in bioql PyPI...
SUSE CVE-2025-8713
PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this...
CVE-2025-8713
PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this...
Exposure of Sensitive Information Through Metadata
Overview Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata via optimizer statistics. An attacker can access sensitive sampled data by querying views, partitions, or child tables by crafting a leaky operator that bypasses view access control lis...
Vulnerability in core server (CVE-2025-8713)
PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intende...
CBL Mariner 2.0 Security Update: postgresql (CVE-2023-2455)
The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-2455 advisory. - Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policie...
EulerOS 2.0 SP8 : postgresql (EulerOS-SA-2023-3146)
According to the versions of the postgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - schemaelement defeats protective searchpath changes; It was found that certain database calls in PostgreSQL could permit an authed attacker...
postgresql: MERGE fails to enforce UPDATE or SELECT row security policies
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...
RHEL 9 : postgresql:15 (RHSA-2023:7885)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7885 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Buffer overrun from integer overflo...
AlmaLinux 9 : postgresql:15 (ALSA-2023:7785)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:7785 advisory. postgresql: Buffer overrun from integer overflow in array modification CVE-2023-5869 postgresql: Memory disclosure in aggregate function calls CVE-2023-58...
ALSA-2023:7785 Important: postgresql:15 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Buffer overrun from integer overflow in array modification CVE-2023-5869 postgresql: Memory disclosure in aggregate function calls CVE-2023-5868 postgresql: extension script @substitutions@...
postgresql: row security policies disregard user ID changes after inlining.
A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user a...
postgresql: row security policies disregard user ID changes after inlining.
A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user a...
postgresql: row security policies disregard user ID changes after inlining.
A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user a...
Amazon Linux 2023 : postgresql15, postgresql15-contrib, postgresql15-llvmjit (ALAS2023-2023-387)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-387 advisory. 2024-02-29: CVE-2022-41862 was added to this advisory. In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryptio...