RHEL 8 : postgresql:15 (RHSA-2023:5269)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5269 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective...

Moderate: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...

ALSA-2023:5269 Moderate: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...

Security Bulletin: IBM Operational Decision Manager August 2023 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-2047...

Security Bulletin: : PostgreSQL Vulnerability Affects IBM Connect:Direct Web Service (CVE-2023-39417)

Summary There is a vulnerability in PostgreSQL versions used by IBM Connect:Direct Web Service. IBM Connect:Direct Web Services has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-39417 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to execute arbitrary cod...

Ubuntu: Security Advisory (USN-6366-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6366-1: PostgreSQL vulnerability

It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser...

USN-6366-1 postgresql-9.5 vulnerability

It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser...

Ubuntu 16.04 ESM : PostgreSQL vulnerability (USN-6366-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6366-1 advisory. It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this iss...

MGASA-2023-0261 Updated postgresql packages fix security vulnerability

Extension script @substitutions@ within quoting allow SQL injection. CVE-2023-39417 MERGE fails to enforce UPDATE or SELECT row security policies. CVE-2023-39418...

Updated postgresql packages fix security vulnerability

Extension script @substitutions@ within quoting allow SQL injection. CVE-2023-39417 MERGE fails to enforce UPDATE or SELECT row security policies. CVE-2023-39418...

Mageia: Security Advisory (MGASA-2023-0261)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux 2023 : postgresql15, postgresql15-contrib, postgresql15-llvmjit (ALAS2023-2023-322)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-322 advisory. IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or . If an...

Important: postgresql15

Issue Overview: IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an...

Oracle Linux 6 / 7 : php54-php (ELSA-2015-1219)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1219 advisory. - core: fix multipart/form-data request can use excessive amount of CPU usage CVE-2015-4024 - fix various functions accept paths with NUL character...

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities (CVE-2023-2454, CVE-2023-2455)

Summary IBM Data Risk Manager IDRM 2.0.6.18, which is the only supported version, is affected by multiple vulnerabilities. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.19. Please see the remediation steps below to apply the fix. All customers are encouraged to act...

OESA-2023-1577 postgresql security update

PostgreSQL is an advanced Object-Relational database management system DBMS that supports almost all SQL constructs including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...

OESA-2023-1576 postgresql security update

PostgreSQL is an advanced Object-Relational database management system DBMS that supports almost all SQL constructs including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...

OESA-2023-1569 libpq security update

PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...

RLSA-2023:3714 Moderate: postgresql security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...