13234 matches found
postgresql-server -- Role pg_cancel_backend can signal certain superuser processes
PostgreSQL Project reports: Documentation says the pg_cancel_backend role cannot signal "a backend owned by a superuser". On the contrary, it can signal background workers, including the logical replication launcher. It can signal autovacuum workers and the autovacuum launcher. Signaling autovacuum...
Huawei EulerOS: Security Advisory for postgresql (EulerOS-SA-2023-3146)
The remote host is missing an update for the Huawei EulerOS...
FreeBSD : postgresql-server -- Memory disclosure in aggregate function calls (31f45d06-7f0e-11ee-94b4-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 31f45d06-7f0e-11ee-94b4-6cc21735f730 advisory: memory disclosure in aggregate function calls (CVE-2023-5868). Note that Nessus has not test...
FreeBSD : postgresql-server -- Buffer overrun from integer overflow in array modification (0f445859-7f0e-11ee-94b4-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 0f445859-7f0e-11ee-94b4-6cc21735f730 advisory: buffer overrun from integer overflow in array modification (CVE-2023-5869). Note that Nessus...
FreeBSD : postgresql-server -- Role pg_cancel_backend can signal certain superuser processes (bbb18fcb-7f0d-11ee-94b4-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the bbb18fcb-7f0d-11ee-94b4-6cc21735f730 advisory: role pg_cancel_backend can signal certain superuser processes (CVE-2023-5870). Note that Nessu...
rubygem-activerecord: Denial of Service
A flaw was found in rubygem-activerecord. The ActiveRecord gem is vulnerable to a denial of service caused by a flaw in its PostgreSQL adapter. By sending a specially crafted request, a remote attacker can cause a slow sequential scan, resulting in a denial of service...
PT-2023-6890
Vulnerable software and affected versions: PostgreSQL (affected versions not specified). Description: A memory disclosure issue was found in PostgreSQL, allowing remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Thi...
PT-2023-6838
Vulnerable software and affected versions: PostgreSQL (affected versions not specified). Description: A flaw in PostgreSQL allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an intege...
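The three PostgreSQL entries above (CVE-2023-5868, CVE-2023-5869 and CVE-2023-5870, the last being the pg_cancel_backend signalling issue described further up) were all fixed in the same PostgreSQL release set of 9 November 2023: 16.1, 15.5, 14.10, 13.13, 12.17 and 11.22. The following queries are an added example, not part of any of the listed advisories or of the PostgreSQL project, for checking a server directly rather than relying on a package-version scanner. They assume psql access as a superuser on PostgreSQL 11 or newer. Note that there is no predefined role named pg_cancel_backend; the predefined role that grants the signalling privilege the advisory refers to is pg_signal_backend, and pg_cancel_backend() is the function it lets members call.

```sql
-- Added example (not from the advisories above). Run as a superuser on the
-- server being assessed; assumes PostgreSQL 11+ (server_version_num exists
-- in all supported versions, backend_type in pg_stat_activity since 10).

-- 1. Is this server at or past the November 2023 fix release for
--    CVE-2023-5868 / CVE-2023-5869 / CVE-2023-5870?
--    Fixed in 16.1, 15.5, 14.10, 13.13, 12.17, 11.22.
SELECT current_setting('server_version') AS version,
       v AS server_version_num,
       CASE
         WHEN v >= 160000 THEN v >= 160001
         WHEN v >= 150000 THEN v >= 150005
         WHEN v >= 140000 THEN v >= 140010
         WHEN v >= 130000 THEN v >= 130013
         WHEN v >= 120000 THEN v >= 120017
         WHEN v >= 110000 THEN v >= 110022
         ELSE false   -- 10.x and older were already end-of-life and got no fix
       END AS patched_nov_2023
FROM (SELECT current_setting('server_version_num')::int AS v) AS s;

-- 2. Which non-superuser roles hold the signalling privilege (directly or
--    through role inheritance)? On an unpatched server these are the roles
--    that CVE-2023-5870 lets reach background workers and autovacuum.
SELECT rolname AS member
FROM pg_roles
WHERE pg_has_role(oid, 'pg_signal_backend', 'MEMBER')
  AND NOT rolsuper
  AND rolname <> 'pg_signal_backend'
ORDER BY rolname;

-- 3. The processes such a member could target on an unpatched server:
--    everything pg_stat_activity reports that is not a client backend
--    (autovacuum launcher/workers, logical replication launcher, and any
--    background workers registered by extensions).
SELECT pid, backend_type, usename
FROM pg_stat_activity
WHERE backend_type <> 'client backend'
ORDER BY backend_type, pid;
```

If query 1 returns false and query 2 returns any rows, those roles should be treated as able to interrupt autovacuum and extension background workers until the server is upgraded; query 3 shows what is exposed. After upgrading, query 2 is still worth keeping in a periodic audit, because membership in pg_signal_backend is a standing privilege that is easy to grant and forget.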
postgresql: Client memory disclosure when connecting with Kerberos to modified server
A flaw was found in PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes...
Low: Red Hat Security Advisory: libpq security update
An update for libpq is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Rocky Linux 8 : postgresql-jdbc (RLSA-2020:3176)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:3176 advisory. - PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE (CVE-2020-13692). Note that Nessus has not tested for this issue but has instead relied only on the...
Low: libpq security update
The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes: postgresql: Client memory disclosure when connecting with Kerberos to modified server (CVE-2022-41862). For more details about the security issues, including the...
ALSA-2023:6429 Low: libpq security update
The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes: postgresql: Client memory disclosure when connecting with Kerberos to modified server (CVE-2022-41862). For more details about the security issues, including the...
RHEL 9 : libpq (RHSA-2023:6429)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6429 advisory. The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes: postgresql:...
Rocky Linux 8 : postgresql:10 (RLSA-2023:0113)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0113 advisory. - A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait fo...
Rocky Linux 8 : postgresql:10 (RLSA-2022:4805)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4805 advisory. - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The...
Rocky Linux 9 : postgresql-jdbc (RLSA-2023:0318)
The remote Rocky Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2023:0318 advisory. - PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database-independent Java code. The PGJDBC...
Rocky Linux 8 : postgresql:13 (RLSA-2021:5236)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:5236 advisory. - When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker ca...
Rocky Linux 8 : postgresql:10 (RLSA-2022:1830)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1830 advisory. - When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject...
Rocky Linux 8 : postgresql:12 (RLSA-2020:5620)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:5620 advisory. - It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. A...