
NCSC
added 2023/09/28 12:0 a.m., 2 views

Vulnerability fixed in pgAdmin

A vulnerability has been fixed in pgAdmin. The vulnerability allows an authenticated malicious person to execute arbitrary code on the PostgreSQL server. The developers of pgAdmin have released updates to fix the vulnerability in pgAdmin 7.7. For more information, see:...

CVSS 8.8 | AI score 7.7 | EPSS 0.2376
Exploits: 0
Tenable Nessus
added 2023/08/15 12:0 a.m., 21 views

FreeBSD : postgresql-server -- MERGE fails to enforce UPDATE or SELECT row security policies (59a43a73-3786-11ee-94b4-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 59a43a73-3786-11ee-94b4-6cc21735f730 advisory. - A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new ro...

CVSS 4.3 | AI score 6.3 | EPSS 0.00439
Exploits: 0 | References: 3
Tenable Nessus
added 2023/08/15 12:0 a.m., 14 views

FreeBSD : postgresql-server -- Extension script @substitutions@ within quoting allow SQL injection (cfd2a634-3785-11ee-94b4-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the cfd2a634-3785-11ee-94b4-6cc21735f730 advisory. - In the extension script, a SQL injection vulnerability was found in PostgreSQL if it uses @extowner@,...

CVSS 8.8 | AI score 8.1 | EPSS 0.00659
Exploits: 0 | References: 3
Tenable Nessus
added 2023/07/13 12:0 a.m., 31 views

Ubuntu 16.04 ESM : PostgreSQL vulnerability (USN-6230-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6230-1 advisory. Alexander Lakhin discovered that PostgreSQL incorrectly handled certain CREATE privileges. An authenticated user could possibly use this issue to execute arbitrar...

CVSS 7.2 | AI score 7.6 | EPSS 0.00276
Exploits: 0 | References: 2
The Hacker News
added 2023/06/28 7:24 a.m., 57 views

Critical SQL Injection Flaws Expose Gentoo Soko to Remote Code Execution

Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution (RCE) on vulnerable systems. "These SQL injections happened despite the use of an Object-Relational Mapping (ORM) library and prepared statements," SonarSource researcher Thomas...

CVSS 9.8 | AI score 8.3 | EPSS 0.01058
Exploits: 0
Tenable Nessus
added 2023/05/16 12:0 a.m., 31 views

FreeBSD : postgresql-server -- Row security policies disregard user ID changes after inlining (4b636f50-f011-11ed-bbae-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 4b636f50-f011-11ed-bbae-6cc21735f730 advisory. - Row security policies disregard user ID changes after inlining. More details: CVE-2023-2455. Note that...

CVSS 5.4 | AI score 6.4 | EPSS 0.00226
Exploits: 0 | References: 3
RedHat Linux
added 2021/12/21 10:1 a.m., 1 view

postgresql: server processes unencrypted bytes from man-in-the-middle

It was found that a PostgreSQL server could accept plaintext data during the establishment of an SSL connection. When a user is requesting certificate-based authentication, an active Person in the Middle could use this flaw in order to inject arbitrary SQL commands...

CVSS 8.1 | AI score 6.9 | EPSS 0.00193
Exploits: 0 | References: 4
RedHat Linux
added 2021/12/16 4:38 p.m., 1 view

postgresql: server processes unencrypted bytes from man-in-the-middle

It was found that a PostgreSQL server could accept plaintext data during the establishment of an SSL connection. When a user is requesting certificate-based authentication, an active Person in the Middle could use this flaw in order to inject arbitrary SQL commands...

CVSS 8.1 | AI score 6.9 | EPSS 0.00193
Exploits: 0 | References: 4
OSV
added 2021/04/20 4:30 p.m., 18 views

GHSA-2XPJ-F5G2-8P7M Asyncpg Arbitrary Code Execution Via Access to an Uninitialized Pointer

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code on a database client via a crafted server response, because of access to an uninitialized pointer in the array data decoder...

CVSS 9.8 | AI score 9.4 | EPSS 0.02141
Exploits: 0 | References: 7
Fedora
added 2021/02/26 1:10 a.m., 77 views

[SECURITY] Fedora 33 Update: postgresql-12.6-1.fc33

PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...

CVSS 8.8 | AI score 8.2 | EPSS 0.23757
Exploits: 1
RedHat Linux
added 2020/12/21 10:11 a.m., 95 views

Important: Red Hat Security Advisory: libpq security update

An update for libpq is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 8.1 | AI score 6.7 | EPSS 0.00473
Exploits: 0 | References: 3
Tenable Nessus
added 2020/09/04 12:0 a.m., 27 views

Debian DLA-2363-1 : asyncpg security update

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code on a database client via a crafted server response, because of access to an uninitialized pointer in the array data decoder. For Debian 9 stretch, this problem has been fixed in version...

CVSS 9.8 | AI score 8.6 | EPSS 0.02141
Exploits: 0 | References: 4
Debian
added 2020/09/02 10:52 p.m., 41 views

[SECURITY] [DLA 2363-1] asyncpg security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-2363-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta September 03, 2020 https://wiki.debian.org/LTS -...

CVSS 9.8 | AI score 9.6 | EPSS 0.02141
Exploits: 0
Prion
added 2020/08/12 4:15 p.m., 17 views

Code injection

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code on a database client via a crafted server response, because of access to an uninitialized pointer in the array data decoder...

CVSS 7.5 | AI score 9.5 | EPSS 0.02141
Exploits: 0 | References: 2 | Affected software: 2
PyPA
added 2020/08/12 4:15 p.m., 3 views

PYSEC-2020-24

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code on a database client via a crafted server response, because of access to an uninitialized pointer in the array data decoder...

CVSS 9.8 | AI score 7.7 | EPSS 0.02141
Exploits: 0 | References: 3 | Affected software: 1
UbuntuCve
added 2020/08/12 4:15 p.m., 23 views

CVE-2020-17446

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code on a database client via a crafted server response, because of access to an uninitialized pointer in the array data decoder...

CVSS 9.8 | AI score 7.5 | EPSS 0.02141
Exploits: 0 | References: 2
OpenVAS
added 2019/08/20 12:0 a.m., 38 views

Fedora Update for postgresql FEDORA-2019-986fce48b4

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 7.1 | EPSS 0.01186
Exploits: 0 | References: 2
PostgreSQL
added 2019/06/20 12:0 a.m., 597 views

Vulnerability in core server (CVE-2019-10164)

Stack-based buffer overflow via setting a password. An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as th...

CVSS 9 | AI score 8.6 | EPSS 0.11379
Exploits: 0 | References: 1 | Affected software: 1
Tenable Nessus
added 2019/01/28 12:0 a.m., 14 views

Debian DLA-1642-1 : postgresql-9.4 new minor release

The PostgreSQL project has released a new minor release of the 9.4 branch. For Debian 8 'Jessie', this has been uploaded as version 9.4.20-0+deb8u1. We recommend that you upgrade your postgresql-9.4 packages. NOTE: Tenable Network Security has extracted the preceding description block directly fro...

AI score 5.3
Exploits: 0 | References: 2
Fedora
added 2018/03/14 7:40 p.m., 10 views

[SECURITY] Fedora 27 Update: postgresql-9.6.8-1.fc27

PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...

AI score 0.8
Exploits: 0