60 matches found

Vulnrichment
added 2026/06/19 9:39 p.m. | 5 views

CVE-2026-56082 Supabase - Unauthenticated Cross-Tenant Billing Log Tampering via public.record_build_time RPC

Capgo Cap-go/capgo before 12.128.2 contains an improper access control vulnerability in the SECURITY DEFINER PostgREST RPC function public.record_build_time, which is granted to the anon role and callable with only the public Supabase publishable sbpublishable anon key. An unauthenticated attacker...

8.7 CVSS | 6 AI score | 0.00242 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in PostgreSQL 11

A flaw was discovered in PostgreSQL. By using an INSERT...ON CONFLICT...DO UPDATE command on a specially crafted table, an authenticated database user could read arbitrary bytes of server memory. The most significant threat of this vulnerability is to data confidentiality...

6.5 CVSS | 7.1 AI score | 0.01449 EPSS
Exploits: 0 | References: 2

OSV
added 2026/04/03 1:27 p.m. | 3 views

JLSEC-2026-32

A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...

6.5 CVSS | 6.8 AI score | 0.01449 EPSS
Exploits: 0 | References: 8

Tenable Nessus
added 2026/01/20 12:0 a.m. | 5 views

MiracleLinux 8 : postgresql:9.6 (AXSA:2021-2310:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2310:01 advisory. postgresql: Buffer overrun from integer overflow in array subscripting calculations CVE-2021-32027 postgresql: Memory disclosure in INSERT ... ON...

8.8 CVSS | 7.6 AI score | 0.0199 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/19 12:0 a.m. | 5 views

MiracleLinux 8 : postgresql:10 (AXSA:2021-2311:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2311:01 advisory. postgresql: Buffer overrun from integer overflow in array subscripting calculations CVE-2021-32027 postgresql: Memory disclosure in INSERT ... ON...

8.8 CVSS | 7.1 AI score | 0.0199 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/16 12:0 a.m. | 4 views

MiracleLinux 7 : rh-postgresql95-postgresql-9.5.14-1.el7 (AXSA:2018-3311:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-3311:01 advisory. postgresql: Certain host connection parameters defeat client-side security defenses CVE-2018-10915 postgresql: Missing authorization and memory...

8.8 CVSS | 6.7 AI score | 0.14142 EPSS
Exploits: 1 | References: 7

Tenable Nessus
added 2026/01/16 12:0 a.m. | 4 views

MiracleLinux 4 : rh-postgresql95-postgresql-9.5.14-1.AXS4 (AXSA:2018-3313:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-3313:01 advisory. postgresql: Certain host connection parameters defeat client-side security defenses CVE-2018-10915 postgresql: Missing authorization and memory...

8.8 CVSS | 6.7 AI score | 0.14142 EPSS
Exploits: 1 | References: 7

F5 Networks
added 2025/04/07 6:6 p.m. | 6 views

K000150746: PostgreSQL vulnerabilities CVE-2021-32028 and CVE-2021-32029

Security Advisory Description CVE-2021-32028 A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data...

6.5 CVSS | 6.7 AI score | 0.01449 EPSS
Exploits: 0

Tenable Nessus
added 2024/04/27 12:0 a.m. | 22 views

RHEL 6 / 7 : rh-postgresql96-postgresql (RHSA-2018:2566)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2566 advisory. PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstre...

9.1 CVSS | 6.8 AI score | 0.14142 EPSS
Exploits: 1 | References: 16

Amazon
added 2023/09/25 12:0 a.m. | 4 views

Important: postgresql

Issue Overview: A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as...

8.8 CVSS | 7.4 AI score | 0.0199 EPSS
Exploits: 0

SUSE CVE
added 2023/02/15 4:27 a.m. | 5 views

SUSE CVE-2018-10925

It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server...

7.1 CVSS | 6.9 AI score | 0.02241 EPSS
Exploits: 0 | References: 8

SUSE CVE
added 2023/02/15 3:41 a.m. | 4 views

SUSE CVE-2021-32028

A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...

6.5 CVSS | 6.8 AI score | 0.01449 EPSS
Exploits: 0 | References: 19

OSV
added 2022/06/10 11:3 a.m. | 3 views

OESA-2022-1706 libpq security update

PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...

6.5 CVSS | 7.3 AI score | 0.01501 EPSS
Exploits: 0 | References: 4

OSV
added 2021/11/19 11:3 a.m. | 4 views

OESA-2021-1439 postgresql security update

PostgreSQL is an advanced Object-Relational database management system DBMS that supports almost all SQL constructs including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...

6.5 CVSS | 7.3 AI score | 0.01449 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2021/10/21 12:0 a.m. | 44 views

SUSE SLED12: postgresql10 / postgresql10-contrib / postgresql10-devel / etc (SUSE-SU-2021:3481-1)

The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3481-1 advisory. - Fix for build with llvm12 on s390x. bsc1185952 - Re-enable 'icu' for PostgreSQL 10. bsc1179945 - Add...

8.8 CVSS | 6.9 AI score | 0.0199 EPSS
Exploits: 0 | References: 15

OSV
added 2021/10/11 5:15 p.m. | 3 views

ALPINE-CVE-2021-32028

A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...

6.5 CVSS | 6.6 AI score | 0.01449 EPSS
Exploits: 0 | References: 1

OSV
added 2021/10/11 5:15 p.m. | 3 views

DEBIAN-CVE-2021-32028

A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...

6.5 CVSS | 7.1 AI score | 0.01449 EPSS
Exploits: 0 | References: 1

CVE
added 2021/10/11 12:0 a.m. | 390 views

CVE-2021-32028

CVE-2021-32028 affects PostgreSQL families across multiple Linux distributions. A flaw lets an authenticated database user read arbitrary bytes from server memory by abusing an INSERT ... ON CONFLICT ... DO UPDATE on a crafted table, impacting data confidentiality. Public advisories reference aff...

6.5 CVSS | 7.3 AI score | 0.01449 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2021/10/11 12:0 a.m. | 33 views

CVE-2021-32028

A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...

7.6 AI score | 0.01449 EPSS
Exploits: 0 | References: 4

OSV
added 2021/07/19 10:0 a.m. | 9 views

OPENSUSE-SU-2021:1785-1 Security update for postgresql13

This update for postgresql13 fixes the following issues: - Upgrade to version 13.3: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations bsc1185924. - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists bsc1185925. -...

8.8 CVSS | 7.5 AI score | 0.0199 EPSS
Exploits: 0 | References: 10