13277 matches found

OSV
added 2024/03/06 11:2 a.m. | 31 views

BIT-POSTGRESQL-JDBC-DRIVER-2022-41946 TemporaryFolder on unix-like systems does not limit access to created files in pgjdbc

pgjdbc is an open source PostgreSQL JDBC driver. In affected versions, a prepared statement using either PreparedStatement.setText(int, InputStream) or PreparedStatement.setBytea(int, InputStream) will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which...

CVSS 5.5 | AI score 5.3 | EPSS 0.00491
Exploits 1 | References 7

Tenable Nessus
added 2024/03/06 12:0 a.m. | 30 views

Amazon Linux 2 : postgresql (ALASPOSTGRESQL12-2024-008)

The version of postgresql installed on the remote host is prior to 12.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL12-2024-008 advisory. Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute...

CVSS 8 | AI score 7.9 | EPSS 0.01465
Exploits 0 | References 4

Tenable Nessus
added 2024/03/06 12:0 a.m. | 18 views

RHEL 8 : postgresql:12 (RHSA-2024:1195)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1195 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW...

CVSS 8 | AI score 7.8 | EPSS 0.01465
Exploits 0 | References 4

Amazon
added 2024/03/06 12:0 a.m. | 2 views

Important: libpq

Issue Overview: Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted...

CVSS 8 | AI score 8 | EPSS 0.01465
Exploits 0

CNNVD
added 2024/03/06 12:0 a.m. | 3 views

pgx security vulnerability

pgx is the PostgreSQL driver and toolkit for Go. A security vulnerability exists in pgx versions prior to 4.18.2 that stems from the presence of SQL injection...

CVSS 8.1 | AI score 9.1 | EPSS 0.00854
Exploits 0 | References 5

Amazon
added 2024/03/06 12:0 a.m. | 2 views

Important: postgresql

Issue Overview: Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted...

CVSS 8 | AI score 8 | EPSS 0.01465
Exploits 0

Amazon
added 2024/03/06 12:0 a.m. | 3 views

Medium: postgresql

Issue Overview: A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. CVE-2021-23222 Affected Packages: postgresql Note: This advisory is applicable to Amazon Linux 2 - Postgresql14 Extra. Visit...

CVSS 5.9 | AI score 7 | EPSS 0.01501
Exploits 0

Amazon
added 2024/03/06 12:0 a.m. | 3 views

Important: postgresql

Issue Overview: Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted...

CVSS 8 | AI score 8 | EPSS 0.01465
Exploits 0

Amazon
added 2024/03/06 12:0 a.m. | 5 views

Important: libpq

Issue Overview: Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted...

CVSS 8 | AI score 8 | EPSS 0.01465
Exploits 0

Amazon
added 2024/03/06 12:0 a.m. | 3 views

Medium: libpq

Issue Overview: A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. CVE-2021-23222 Affected Packages: libpq Note: This advisory is applicable to Amazon Linux 2 - Postgresql14 Extra. Visit this...

CVSS 5.9 | AI score 7 | EPSS 0.01501
Exploits 0

Amazon
added 2024/03/06 12:0 a.m. | 4 views

Important: postgresql

Issue Overview: Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted...

CVSS 8 | AI score 8 | EPSS 0.01465
Exploits 0

CNNVD
added 2024/03/06 12:0 a.m. | 5 views

pgx security vulnerability

pgx is a PostgreSQL driver and toolkit for Go. A security vulnerability exists in pgx that stems from SQL injection via protocol message size overflow...

CVSS 9.8 | AI score 9.3 | EPSS 0.01109
Exploits 1 | References 8

OpenVAS
added 2024/03/06 12:0 a.m. | 20 views

SUSE: Security Advisory (SUSE-SU-2024:0769-1)

The remote host is missing an update for the...

CVSS 10 | AI score 9 | EPSS 0.0481
Exploits 0 | References 4

OpenVAS
added 2024/03/06 12:0 a.m. | 32 views

SUSE: Security Advisory (SUSE-SU-2024:0771-1)

The remote host is missing an update for the...

CVSS 10 | AI score 9 | EPSS 0.0481
Exploits 0 | References 4

OpenVAS
added 2024/03/06 12:0 a.m. | 23 views

SUSE: Security Advisory (SUSE-SU-2024:0773-1)

The remote host is missing an update for the...

CVSS 10 | AI score 9 | EPSS 0.0481
Exploits 0 | References 4

Tenable Nessus
added 2024/03/06 12:0 a.m. | 27 views

SUSE SLES15 Security Update : postgresql-jdbc (SUSE-SU-2024:0769-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0769-1 advisory. - pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the...

CVSS 10 | AI score 7.9 | EPSS 0.0481
Exploits 0 | References 4

Tenable Nessus
added 2024/03/06 12:0 a.m. | 19 views

Amazon Linux 2 : libpq (ALASPOSTGRESQL12-2024-009)

The version of libpq installed on the remote host is prior to 12.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL12-2024-009 advisory. Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary...

CVSS 8 | AI score 7.9 | EPSS 0.01465
Exploits 0 | References 4

Tenable Nessus
added 2024/03/06 12:0 a.m. | 20 views

Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2024-006)

The version of postgresql installed on the remote host is prior to 14.11-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2024-006 advisory. Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute...

CVSS 8 | AI score 7.9 | EPSS 0.01465
Exploits 0 | References 4

Tenable Nessus
added 2024/03/06 12:0 a.m. | 30 views

Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2024-008)

The version of postgresql installed on the remote host is prior to 14.1-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2024-008 advisory. A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL...

CVSS 5.9 | AI score 7 | EPSS 0.01501
Exploits 0 | References 4

Tenable Nessus
added 2024/03/06 12:0 a.m. | 31 views

SUSE SLES15 / openSUSE 15 Security Update : postgresql-jdbc (SUSE-SU-2024:0773-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0773-1 advisory. - pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the...

CVSS 10 | AI score 7.9 | EPSS 0.0481
Exploits 0 | References 4