CentOS 8 : postgresql:12 (CESA-2020:5620)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:5620 advisory. - postgresql: Uncontrolled search path element in logical replication CVE-2020-14349 - postgresql: Uncontrolled search path element in CREATE EXTENSION...

RHEL 8 : postgresql:12 (RHSA-2021:0163)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0163 advisory. PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstream...

RHEL 8 : postgresql:9.6 (RHSA-2020:5661)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5661 advisory. PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstream...

RHEL 8 : postgresql:12 (RHSA-2020:5620)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5620 advisory. PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstream...

postgresql:12 security update

An update is available for pgaudit, postgres-decoderbufs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced object-relational database...

USN-4472-1 postgresql-10, postgresql-12, postgresql-9.5 vulnerabilities

Noah Misch discovered that PostgreSQL incorrectly handled the searchpath setting when used with logical replication. A remote attacker could possibly use this issue to execute arbitrary SQL code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-14349 Andres Freund discover...

USN-4472-1: PostgreSQL vulnerabilities

Noah Misch discovered that PostgreSQL incorrectly handled the searchpath setting when used with logical replication. A remote attacker could possibly use this issue to execute arbitrary SQL code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-14349 Andres Freund discover...

PostgreSQL 9.5.x < 9.5.23 / 9.6.x < 9.6.19 / 10.x < 10.14 / 11.x < 11.9 / 12.x < 12.4 Multiple Vulnerabilities

The version of PostgreSQL installed on the remote host is 9.5 prior to 9.5.23, 9.6 prior to 9.6.19, 10 prior to 10.14, 11 prior to 11.9, or 12 prior to 12.4. As such, it is potentially affected by multiple vulnerabilities : - Uncontrolled search path element in logical replication CVE-2020-14349 ...

Vulnerability in core server (CVE-2020-14350)

Uncontrolled search path element in CREATE EXTENSION When a superuser runs certain CREATE EXTENSION statements, users may be able to execute arbitrary SQL functions under the identity of that superuser. The attacker must have permission to create objects in the new extension's schema or a schema ...