SUSE SLES15 / openSUSE 15 Security Update : postgresql13 (SUSE-SU-2023:4455-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4455-1 advisory. - PostgreSQL Project reports: Certain aggregate function calls receiving unknown-type arguments could disclose bytes ...

Leaving Authentication Credentials in Public Code

Interesting article about a surprisingly common vulnerability: programmers leaving authentication credentials and other secrets in publicly accessible software code: Researchers from security firm GitGuardian this week reported finding almost 4,000 unique secrets stashed inside a total of 450,000...

Oracle Linux 9 : libpq (ELSA-2023-6429)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-6429 advisory. 13.11-1 - Update to 13.11 Resolves: 2171370 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

The vulnerability of the PostgreSQL database management system lies in the lack of protection for service data in aggregate function calls, allowing attackers to exploit this to disclose protected information.

The vulnerability of the PostgreSQL database management system is related to the lack of protection for service data in aggregate function calls. Exploiting this vulnerability allows a malicious actor to disclose sensitive information when an unknown type is passed as an argument...

The vulnerability of the PostgreSQL database management system lies in the ability to send signals to user processes through the role of pg_signal_backend. This allows a malicious actor to cause a service failure for a specific background process.

The vulnerability of the PostgreSQL database management system relates to the ability to send signals to user processes through the role of pgsignalbackend. Exploiting this vulnerability allows a malicious actor to cause a service failure for a specific background process...

Fedora: Security Advisory for roundcubemail (FEDORA-2023-70578c5599)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2023-cf584ed77a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 38 Update: roundcubemail-1.6.5-1.fc38

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

[SECURITY] Fedora 37 Update: roundcubemail-1.6.5-1.fc37

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

[SECURITY] Fedora 39 Update: roundcubemail-1.6.5-1.fc39

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

CVE-2023-5870

A flaw was found in PostgreSQL involving the pgcancelbackend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...

CVE-2023-5868

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

CVE-2023-5869

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing...

UBUNTU-CVE-2023-5869

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing...

SUSE SLES12 Security Update : postgresql13 (SUSE-SU-2023:4434-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4434-1 advisory. - PostgreSQL Project reports: Certain aggregate function calls receiving unknown-type arguments could disclose bytes of server memo...

PostgreSQL 11.x < 11.22 / 12.x < 12.17 / 13.x < 13.13 / 14.x < 14.10 / 15.x < 15.5 / 16.x < 16.1 Multiple Vulnerabilities

The version of PostgreSQL installed on the remote host is 11 prior to 11.22, 12 prior to 12.17, 13 prior to 13.13, 14 prior to 14.10, 15 prior to 15.5, or 16 prior to 16.1. As such, it is potentially affected by multiple vulnerabilities: - Missing overflow checks let authenticated database users...

Debian: Security Advisory (DSA-5554-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-5553-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UBUNTU-CVE-2023-5868

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

UBUNTU-CVE-2023-5870

A flaw was found in PostgreSQL involving the pgcancelbackend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...