MiracleLinux 9 : postgresql:16 (AXSA:2024-8742:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8742:01 advisory. postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 postgresql: PostgreSQL relation replacement during...

PostgreSQL Vulnerable to Privilege Escalation via Improper Checks in 'pg_stats_ext' and 'pg_stats_ext_exprs' Functions

PostgreSQL is vulnerable to privilege escalation. An attacker could exploit this to access views without correct privileges, potentially gaining access to sensitive data that they shouldn't have access to...

Astra Linux - уязвимость в postgresql-15

Missing authorization in PostgreSQL built-in views pgstatsext and pgstatsextexprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwi...

Rocky Linux 8 : postgresql:16 (RLSA-2024:5927)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:5927 advisory. postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 postgresql: PostgreSQL relation replacement during pgdump...

postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks

A flaw was found in PostgreSQL. Missing authorization in the built-in views pgstatsext and pgstatsextexprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the...

postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks

A flaw was found in PostgreSQL. Missing authorization in the built-in views pgstatsext and pgstatsextexprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the...

postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks

A flaw was found in PostgreSQL. Missing authorization in the built-in views pgstatsext and pgstatsextexprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the...

postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks

A flaw was found in PostgreSQL. Missing authorization in the built-in views pgstatsext and pgstatsextexprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the...

Important: postgresql:16 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 postgresql: PostgreSQL relation replacement during pgdump executes arbitrary SQL CVE-2024-7348 For more detail...

ALSA-2024:5929 Important: postgresql:16 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 postgresql: PostgreSQL relation replacement during pgdump executes arbitrary SQL CVE-2024-7348 For more detail...

SUSE SLES15 Security Update : postgresql14 (SUSE-SU-2024:2262-3)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2262-3 advisory. - Upgrade to 14.12 bsc1224051: - CVE-2024-4317: Restrict visibility of pgstatsext and pgstatsextexprs entries to the table owner. See releas...

openSUSE Security Advisory (SUSE-SU-2024:2261-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Low: postgresql15

Issue Overview: postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 Affected Packages: postgresql15 Issue Correction: Run dnf update postgresql15 --releasever 2023.4.20240611 or dnf update --advisory ALAS2023-2024-635 --releasever 2023.4.20240611 to updat...

The vulnerability of the system representations pg_stats_ext and pg_stats_ext_exprs in the PostgreSQL database allows a perpetrator to enhance their privileges.

The vulnerability of the system representations pgstatsext and pgstatsextexprs in the PostgreSQL database is related to errors in privilege management. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

CVE-2024-4317

Missing authorization in PostgreSQL built-in views pgstatsext and pgstatsextexprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwi...

CVE-2024-4317 PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks

Missing authorization in PostgreSQL built-in views pgstatsext and pgstatsextexprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwi...

PT-2024-3323

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 14.12 PostgreSQL versions prior to 15.7 PostgreSQL versions prior to 16.3 Description: The issue is related to errors in managing privileges in the PostgreSQL database system, specifically in the pg stats ext and ...