RHEL 6 / 7 : rh-postgresql94-postgresql (RHSA-2016:0348)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:0348 advisory. PostgreSQL is an advanced object-relational database management system DBMS. An integer overflow flaw, leading to a heap-based buffer overflow, w...

RHEL 6 / 7 : postgresql92-postgresql (RHSA-2015:2083)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:2083 advisory. PostgreSQL is an advanced object-relational database management system DBMS. A memory leak error was discovered in the crypt function of...

Buffer overrun from integer overflow in array modification (CVE-2023-5869)

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing...

PostgreSQL Memory disclosure in aggregate function calls (CVE-2023-5868)

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

K000148351: PostgreSQL vulnerabilities CVE-2017-15098, CVE-2017-14798, CVE-2016-7048, CVE-2016-5424, and CVE-2016-5423

Security Advisory Description CVE-2017-15098 Invalid jsonpopulaterecordset or jsonbpopulaterecordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory...

RHSA-2024:8495 Red Hat Security Advisory: postgresql security update

Bulletin has no description...

VulnCheck KEV: CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a...

This Week in Spring - October 29th, 2024

Hi, Spring fans! How're things? It's almost Halloween! I'm so excited! I'm going as a PHP program. Boooooooo...t. I'm writing this from the amazing Vaadin Create conference in Frankfurt, Germany, about to do my keynote for an amazing, Spring-loving audience here. So, without further ado, let's di...

Virtuozzo Hybrid Infrastructure 6.3 (6.3.0-170)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover the compute service and our ecosystem of backup and disaster recovery solutions. Additionally, this release delivers stability and security improvements, and addresses issues found in previous releases...

RHEL 7 : postgresql (RHSA-2024:8495)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8495 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdum...

Important: Red Hat Security Advisory: postgresql security update

An update for postgresql is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL

A vulnerability was found in PostgreSQL. A Race condition in pgdump allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser...

SUSE SLES15 Security Update : postgresql16 (SUSE-SU-2024:3159-2)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3159-2 advisory. - Upgrade to 16.4 bsc1229013 - CVE-2024-7348: PostgreSQL relation replacement during pgdump executes arbitrary SQL. bsc1229013 - CVE-2024-4317:...

K000148250: PostgreSQL vulnerabilities CVE-2016-0766, CVE-2015-3167, CVE-2015-0243, CVE-2015-0242, and CVE-2015-0241

Security Advisory Description CVE-2016-0766 PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings GUCS for PL/Java, which allows attackers to gain privileges via...

Security update for postgresql16

This update for postgresql16 fixes the following issues: Upgrade to 16.4 bsc1229013 CVE-2024-7348: PostgreSQL relation replacement during pgdump executes arbitrary SQL. bsc1229013 CVE-2024-4317: Restrict visibility of pgstatsext and pgstatsextexprs entries to the table owner. See the release note...

SUSE-SU-2024:3159-2 Security update for postgresql16

This update for postgresql16 fixes the following issues: - Upgrade to 16.4 bsc1229013 - CVE-2024-7348: PostgreSQL relation replacement during pgdump executes arbitrary SQL. bsc1229013 - CVE-2024-4317: Restrict visibility of pgstatsext and pgstatsextexprs entries to the table owner. See the releas...

CVE-2024-49756

AshPostgres is the PostgreSQL data layer for Ash Framework. Starting in version 2.0.0 and prior to version 2.4.10, in certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions no changing fields, and would...

CVE-2024-49756 AshPostgres empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.

AshPostgres is the PostgreSQL data layer for Ash Framework. Starting in version 2.0.0 and prior to version 2.4.10, in certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions no changing fields, and would...

CVE-2024-49756 AshPostgres empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.

AshPostgres is the PostgreSQL data layer for Ash Framework. Starting in version 2.0.0 and prior to version 2.4.10, in certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions no changing fields, and would...

CVE-2024-49756

AshPostgres (Ash Framework data layer) has a vulnerability in versions 2.0.0 through 2.4.9 where update actions that are empty (no field changes) could skip policies and trigger side effects. The issue is limited to such actions and does not enable reading new data. It requires specific condition...