13233 matches found
CVE-2020-21469
An issue discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access...
The vulnerability of the PostgreSQL database management system, related to the possibility of SQL injections in extensions, allows attackers to execute arbitrary SQL queries against the database.
The vulnerability of the PostgreSQL database management system lies in the possibility of SQL injection through extensions whose scripts use the substitutions @extowner@, @extschema@, or @extschema:... inside a quoting construct (dollar quoting, '', or ""). Exploiting this vulnerability allows a malicious actor to...
The vulnerability of the PostgreSQL database management system, related to deficiencies in access control, allows attackers to read and update protected data.
The vulnerability of the PostgreSQL database management system is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to read and update sensitive data that is protected by security measures...
Security Bulletin: IBM Connect:Direct Web Services vulnerable to sensitive information exposure due to PostgreSQL (CVE-2023-2454)
Summary: IBM Connect:Direct Web Services has addressed a PostgreSQL vulnerability. Vulnerability Details: CVEID: CVE-2023-2454. DESCRIPTION: PostgreSQL could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in CREATE SCHEMA ... schema_element. By sending a...
Ubuntu: Security Advisory (USN-6296-1)
The remote host is missing an update for the...
SUSE-SU-2023:3348-1 Security update for postgresql15
This update for postgresql15 fixes the following issues: - Update to 14.9 - CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059)...
SUSE-SU-2023:3347-1 Security update for postgresql15
This update for postgresql15 fixes the following issues: - Update to 15.4 - CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059) - CVE-2023-39418: Fix MERGE to enforce row security. (bsc#1214061)...
SUSE-SU-2023:3345-1 Security update for postgresql15
This update for postgresql15 fixes the following issues: - Update to 13.12 - CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059)...
SUSE-SU-2023:3344-1 Security update for postgresql15
This update for postgresql15 fixes the following issues: - Update to 13.12 - CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059)...
SUSE-SU-2023:3344-2 Security update for postgresql15
This update for postgresql15 fixes the following issues: - Update to 13.12 - CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059)...
USN-6296-1: PostgreSQL vulnerabilities
It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser. (CVE-2023-39417) It was discovered that PostgreSQL incorrectly handled the MERGE...
USN-6296-1 postgresql-12, postgresql-14, postgresql-15 vulnerabilities
It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser. (CVE-2023-39417) It was discovered that PostgreSQL incorrectly handled the MERGE...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : PostgreSQL vulnerabilities (USN-6296-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6296-1 advisory. It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREAT...
PostgreSQL 11.x < 11.21 / 12.x < 12.16 / 13.x < 13.12 / 14.x < 14.9 / 15.x < 15.4 Multiple Vulnerabilities
The version of PostgreSQL installed on the remote host is 11 prior to 11.21, 12 prior to 12.16, 13 prior to 13.12, 14 prior to 14.9, or 15 prior to 15.4. As such, it is potentially affected by a vulnerability: An extension script is vulnerable if it uses @extowner@, @extschema@, or...
PostgreSQL 15.x < 15.4 Protection Mechanism Failure
The version of PostgreSQL installed on the remote host is 15 prior to 15.4. As such, it is potentially affected by a vulnerability: PostgreSQL 15 introduced the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policie...
SUSE CVE-2023-39418
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...
Denial Of Service (DoS)
postgresql is vulnerable to Denial of Service (DoS). This vulnerability occurs when a user sends a specially crafted MERGE command to PostgreSQL. If the command is valid, PostgreSQL could be tricked into entering an infinite loop which could prevent PostgreSQL from serving requests, resulting in a...
SQL Injection
postgresql is vulnerable to SQL injection. This vulnerability occurs when a user sends a specially crafted query that uses the @extowner@ function. If the query is valid, PostgreSQL could be tricked into executing arbitrary SQL code...
PostgreSQL: extension script @substitutions@ within quoting allow SQL injection
...
FreeBSD : postgresql-server -- Extension script @substitutions@ within quoting allow SQL injection (cfd2a634-3785-11ee-94b4-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cfd2a634-3785-11ee-94b4-6cc21735f730 advisory. - IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@,...