60 matches found
CVE-2026-56082 Supabase - Unauthenticated Cross-Tenant Billing Log Tampering via public.record_build_time RPC
Capgo Cap-go/capgo before 12.128.2 contains an improper access control vulnerability in the SECURITY DEFINER PostgREST RPC function public.recordbuildtime, which is granted to the anon role and callable with only the public Supabase publishable sbpublishable anon key. An unauthenticated attacker...
Astra Linux – Vulnerability in PostgresSQL 11
A flaw was discovered in PostgreSQL. By using an INSERT...ON CONFLICT...DO UPDATE command on a specially crafted table, an authenticated database user could read arbitrary bytes of server memory. The most significant threat of this vulnerability is to data confidentiality...
JLSEC-2026-32
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...
MiracleLinux 8 : postgresql:9.6 (AXSA:2021-2310:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2310:01 advisory. postgresql: Buffer overrun from integer overflow in array subscripting calculations CVE-2021-32027 postgresql: Memory disclosure in INSERT ... ON...
MiracleLinux 8 : postgresql:10 (AXSA:2021-2311:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2311:01 advisory. postgresql: Buffer overrun from integer overflow in array subscripting calculations CVE-2021-32027 postgresql: Memory disclosure in INSERT ... ON...
MiracleLinux 7 : rh-postgresql95-postgresql-9.5.14-1.el7 (AXSA:2018-3311:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-3311:01 advisory. postgresql: Certain host connection parameters defeat client-side security defenses CVE-2018-10915 postgresql: Missing authorization and memory...
MiracleLinux 4 : rh-postgresql95-postgresql-9.5.14-1.AXS4 (AXSA:2018-3313:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-3313:01 advisory. postgresql: Certain host connection parameters defeat client-side security defenses CVE-2018-10915 postgresql: Missing authorization and memory...
K000150746: PostgreSQL vulnerabilities CVE-2021-32028 and CVE-2021-32029
Security Advisory Description CVE-2021-32028 A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data...
RHEL 6 / 7 : rh-postgresql96-postgresql (RHSA-2018:2566)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2566 advisory. PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstre...
Important: postgresql
Issue Overview: A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as...
SUSE CVE-2018-10925
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server...
SUSE CVE-2021-32028
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...
OESA-2022-1706 libpq security update
PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...
OESA-2021-1439 postgresql security update
PostgreSQL is an advanced Object-Relational database management system DBMS that supports almost all SQL constructs including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...
SUSE SLED12: postgresql10 / postgresql10-contrib / postgresql10-devel / etc (SUSE-SU-2021:3481-1)
The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3481-1 advisory. - Fix for build with llvm12 on s390x. bsc1185952 - Re-enable 'icu' for PostgreSQL 10. bsc1179945 - Add...
ALPINE-CVE-2021-32028
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...
DEBIAN-CVE-2021-32028
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...
CVE-2021-32028
CVE-2021-32028 affects PostgreSQL families across multiple Linux distributions. A flaw lets an authenticated database user read arbitrary bytes from server memory by abusing an INSERT ... ON CONFLICT ... DO UPDATE on a crafted table, impacting data confidentiality. Public advisories reference aff...
CVE-2021-32028
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...
OPENSUSE-SU-2021:1785-1 Security update for postgresql13
This update for postgresql13 fixes the following issues: - Upgrade to version 13.3: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations bsc1185924. - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists bsc1185925. -...