
13286 matches found

Amazon
added 2024/06/14 12:0 a.m. | 3 views

Low: postgresql15

Issue Overview: postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks (CVE-2024-4317). Affected Packages: postgresql15. Issue Correction: Run dnf update postgresql15 --releasever 2023.4.20240611 or dnf update --advisory ALAS2023-2024-635 --releasever 2023.4.20240611 to updat...

CVSS 4.3 | AI score 6.9 | EPSS 0.00722
Exploits: 0
Amazon
added 2024/06/12 12:0 a.m. | 3 views

Important: postgresql

Issue Overview: While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary bytes to a memory area that facilitates arbitrary code execution. Missing overflow checks also let authenticated database users read a wide area of server memory. The...

CVSS 8.8 | AI score 8.3 | EPSS 0.04322
Exploits: 0
Tenable Nessus
added 2024/06/12 12:0 a.m. | 47 views

Amazon Linux 2 : postgresql (ALAS-2024-2567)

The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2567 advisory. While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary bytes to a...

CVSS 8.8 | AI score 7.8 | EPSS 0.04322
Exploits: 0 | References: 4
Amazon
added 2024/06/12 12:0 a.m. | 45 views

Important: postgresql

Issue Overview: While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary bytes to a memory area that facilitates arbitrary code execution. Missing overflow checks also let authenticated database users read a wide area of server memory. The...

CVSS 8.8 | AI score 8.6 | EPSS 0.04322
Exploits: 0
Amazon
added 2024/06/12 12:0 a.m. | 2 views

Low: postgresql

Issue Overview: postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks (CVE-2024-4317). Affected Packages: postgresql. Note: This advisory is applicable to Amazon Linux 2 - Postgresql14 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section...

CVSS 4.3 | AI score 7 | EPSS 0.00722
Exploits: 0
OpenVAS
added 2024/06/11 12:0 a.m. | 27 views

Ubuntu: Security Advisory (USN-6825-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 7.1 | EPSS 0.02984
Exploits: 1 | References: 2
Tenable Nessus
added 2024/06/11 12:0 a.m. | 21 views

Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2024-011)

The version of postgresql installed on the remote host is prior to 14.12-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2024-011 advisory. postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks (CVE-2024-4317) Tenable has extracted t...

CVSS 4.3 | AI score 6.6 | EPSS 0.00722
Exploits: 0 | References: 4
Ubuntu
added 2024/06/10 8:41 p.m. | 55 views

USN-6825-1: ADOdb vulnerabilities

It was discovered that the PDO driver in ADOdb was incorrectly handling string quotes. A remote attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 16.04 LTS. CVE-2016-7405 It was discovered that ADOdb was incorrectly handling GET parameters in...

CVSS 9.8 | AI score 7.9 | EPSS 0.02984
Exploits: 1
Tenable Nessus
added 2024/06/10 12:0 a.m. | 34 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : ADOdb vulnerabilities (USN-6825-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6825-1 advisory. It was discovered that the PDO driver in ADOdb was incorrectly handling string quotes. A remote attacker could possib...

CVSS 9.8 | AI score 7.7 | EPSS 0.02984
Exploits: 1 | References: 4
OpenVAS
added 2024/06/07 12:0 a.m. | 7 views

Fedora: Security Advisory (FEDORA-2024-680b8ba54e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 | References: 4
Redos
added 2024/06/07 12:0 a.m. | 5 views

ROS-20240607-06

Vulnerability of system views pg_stats_ext, pg_stats_ext_exprs of PostgreSQL DBMS is related to privilege management errors. Exploitation of the vulnerability could allow an attacker acting remotely to escalate privileges...

CVSS 4.3 | AI score 6.8 | EPSS 0.00722
Exploits: 0
Redos
added 2024/06/07 12:0 a.m. | 5 views

ROS-20240607-07

Vulnerability of system views pg_stats_ext, pg_stats_ext_exprs of PostgreSQL DBMS is related to privilege management errors. Exploitation of the vulnerability could allow an attacker acting remotely to escalate privileges...

CVSS 4.3 | AI score 4 | EPSS 0.00722
Exploits: 0
Redos
added 2024/06/07 12:0 a.m. | 22 views

ROS-20240607-05

The vulnerability of the system views pg_stats_ext, pg_stats_ext_exprs of the PostgreSQL DBMS is related to errors in privilege management. Exploitation of the vulnerability could allow an attacker acting remotely to escalate privileges...

CVSS 4.3 | AI score 4.1 | EPSS 0.00722
Exploits: 0
OpenVAS
added 2024/06/05 12:0 a.m. | 13 views

openSUSE Security Advisory (SUSE-SU-2024:1777-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3 | AI score 6.5 | EPSS 0.00722
Exploits: 0 | References: 6
OpenVAS
added 2024/06/05 12:0 a.m. | 17 views

openSUSE Security Advisory (SUSE-SU-2024:1768-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3 | AI score 6.5 | EPSS 0.00722
Exploits: 0 | References: 6
SUSE CVE
added 2024/06/04 1:24 p.m. | 7 views

SUSE CVE-2019-9193

In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary...

CVSS 9 | AI score 7.6 | EPSS 0.91877
Exploits: 17 | References: 3
Tenable Nessus
added 2024/06/03 12:0 a.m. | 31 views

RHEL 4 : postgresql (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - postgresql: SQL injection due unsanitized newline characters in object names CVE-2012-0868 - CREATE TRIGG...

CVSS 6.8 | AI score 7.9 | EPSS 0.03625
Exploits: 1 | References: 3
Tenable Nessus
added 2024/06/03 12:0 a.m. | 23 views

RHEL 6 : postgresql-jdbc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - PostgreSQL: Postgres JDBC driver does not perform host name validation by default CVE-2018-10936 Note that Nessus h...

CVSS 8.1 | AI score 9 | EPSS 0.0291
Exploits: 0 | References: 1
Tenable Nessus
added 2024/06/03 12:0 a.m. | 25 views

RHEL 4 : tcl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - postgresql: temporary DoS caused by slow regex NFA cleanup CVE-2007-6067 - The regular expression parser in...

CVSS 6.8 | AI score 7.1 | EPSS 0.03887
Exploits: 2 | References: 2
Tenable Nessus
added 2024/06/03 12:0 a.m. | 20 views

RHEL 8 : postgresql (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - postgresql: server processes unencrypted bytes from man-in-the-middle CVE-2021-23214 - An issue was...

CVSS 8.1 | AI score 8.1 | EPSS 0.02775
Exploits: 1 | References: 4