MiracleLinux 9 : postgresql-13.10-1.el9 (AXSA:2023-5280:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5280:02 advisory. postgresql: Extension scripts replace objects not belonging to the extension. CVE-2022-2625 postgresql: Client memory disclosure when connecting wit...

MiracleLinux 8 : postgresql:13 (AXSA:2023-5263:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5263:01 advisory. postgresql: Extension scripts replace objects not belonging to the extension. CVE-2022-2625 postgresql: Client memory disclosure when connecting wit...

UBUNTU-CVE-2024-7348

Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

postgresql: Extension scripts replace objects not belonging to the extension.

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...

ROS-20221013-05

A vulnerability in the PostgreSQL database management system is related to errors when using OR commands extensions. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges and replace arbitrary objects in the database...

SUSE-SU-2022:2989-2 Security update for postgresql14

This update for postgresql14 fixes the following issues: - Upgrade to version 14.5: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension bsc1202368. - Upgrade to version 14.4 bsc1200437 - Release notes:...

SUSE-SU-2022:2912-1 Security update for postgresql13

This update for postgresql13 fixes the following issues: - Update to 13.8: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension bsc1202368...

The vulnerability of the PostgreSQL database management system, related to errors when using OR commands with extensions, allows a perpetrator to increase their privileges and replace arbitrary objects in the database.

The vulnerability of the PostgreSQL database management system is related to errors that occur when using OR commands with extensions. Exploiting this vulnerability allows a malicious actor to increase their privileges and replace arbitrary objects in the database...

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats stems from deficiencies in the deserialization mechanism. This allows attackers to gain access to protected information and replace objects on the server side.

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability can allow an attacker to gain access to protected information and replace objects on the server side by...