Amazon Linux 2 : libpq (ALASPOSTGRESQL12-2023-003)
The version of libpq installed on the remote host is prior to 12.11-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL12-2023-003 advisory. 2024-02-29: CVE-2021-23222 was added to this advisory. A man-in-the-middle attacker can inject false responses to...
Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2023-002)
The version of postgresql installed on the remote host is prior to 14.3-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2023-002 advisory. A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is...
Cloud Backup "Inner SQL exception in the service provider infrastructure"
The error documented in this article can occur due to various reasons. This article specifically addresses a single scenario related to the underlying SQL database engine used by the Veeam Cloud Service Provider. The log snippet provided in the 'Cause' section offers context to help confirm wheth...
Amazon Linux 2 : postgresql (ALASPOSTGRESQL12-2023-001)
The version of postgresql installed on the remote host is prior to 12.15-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL12-2023-001 advisory. postgresql: Client memory disclosure when connecting with Kerberos to modified server CVE-2022-41862 This...
Amazon Linux 2 : postgresql (ALASPOSTGRESQL13-2023-001)
The version of postgresql installed on the remote host is prior to 13.11-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL13-2023-001 advisory. postgresql: Client memory disclosure when connecting with Kerberos to modified server CVE-2022-41862 This...
Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2023-001)
The version of postgresql installed on the remote host is prior to 14.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL14-2023-001 advisory. postgresql: Client memory disclosure when connecting with Kerberos to modified server CVE-2022-41862 This...
pgAdmin Command Execution Vulnerability
pgAdmin is an open source management and development platform for the open source database PostgreSQL. A command execution vulnerability exists in pgAdmin that stems from an inability to properly control server code executed on this API, which could be exploited by an authenticated attacker to ru...
The vulnerability of the unserialize() function in the PostgreSQL administration web tool phpPgAdmin allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the unserialize function in the phpPgAdmin web administration tool for PostgreSQL is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected...
Fedora: Security Advisory for roundcubemail (FEDORA-2023-b2e5612471)
The remote host is missing an update for the...
Important: postgresql
Issue Overview: A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protection...
Important: postgresql
Issue Overview: A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. CVE-2021-23222 A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the defau...
Important: postgresql
Issue Overview: A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protection...
Important: postgresql
Issue Overview: IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an...
Important: postgresql
Issue Overview: A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as...
Important: postgresql
Issue Overview: A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as...
Important: postgresql
Issue Overview: IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an...
Important: postgresql
Issue Overview: IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an...
Important: postgresql
Issue Overview: A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. CVE-2021-23222 A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the defau...
Important: postgresql
Issue Overview: IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an...
Important: postgresql
Issue Overview: This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users. CVE-2023-2454 While CVE-2016-2193 fixed most interaction between row...