45 matches found
JLSEC-2026-41
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...
JLSEC-2026-47
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
MiracleLinux 8 : postgresql:13 (AXSA:2023-6336:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6336:01 advisory. postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after...
postgresql:15 security update
An update is available for pgrepack, module.pgaudit, postgres-decoderbufs, module.pgrepack, module.postgres-decoderbufs, pgaudit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
RockyLinux 8 : postgresql:15 (RLSA-2023:5269)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5269 advisory. postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining...
Important: postgresql15
Issue Overview: PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available ...
postgresql: PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table
An access control bypass flaw has been discovered in PostgreSQL. The PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide...
postgresql: PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table
An access control bypass flaw has been discovered in PostgreSQL. The PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide...
postgresql: PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table
An access control bypass flaw has been discovered in PostgreSQL. The PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide...
postgresql: PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table
An access control bypass flaw has been discovered in PostgreSQL. The PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide...
postgresql: PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table
An access control bypass flaw has been discovered in PostgreSQL. The PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide...
Linux Distros Unpatched Vulnerability : CVE-2023-2455
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific...
ALPINE-CVE-2025-8713
PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this...
UBUNTU-CVE-2025-8713
PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this...
K000152931: Multiple PostgreSQL vulnerabilities
Security Advisory Description CVE-2023-2455 Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other...
TencentOS Server 3: postgresql:12 (TSSA-2024:1120)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1120 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
TencentOS Server 4: postgresql (TSSA-2024:0559)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0559 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
TencentOS Server 3: postgresql:15 (TSSA-2024:1121)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1121 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
K000149707: PostgreSQL vulnerability CVE-2024-10976
Security Advisory Description Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a...
Amazon Linux 2 : postgresql (ALASPOSTGRESQL13-2024-008)
The version of postgresql installed on the remote host is prior to 13.17-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL13-2024-008 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change...