Rocky Linux 9 : postgresql:15 (RLSA-2023:4327)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4327 advisory. - schemaelement defeats protective searchpath changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with...

15 security update

pgaudit pgrepack postgres-decoderbufs postgresql 15.3-1 - update to 15.3 - Fixes CVE-2023-2454 and CVE-2023-2455 Resolves: 2214875...

AlmaLinux 9 : postgresql:15 (ALSA-2023:4327)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4327 advisory. postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining...

Oracle Linux 9 : 15 (ELSA-2023-4327)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-4327 advisory. pgaudit pgrepack postgres-decoderbufs postgresql 15.3-1 - update to 15.3 - Fixes CVE-2023-2454 and CVE-2023-2455 Resolves: 2214875 Tenable has extracte...

PT-2023-4422 · Unknown +11 · Postgresql +10

Name of the Vulnerable Software and Affected Versions: PostgreSQL affected versions not specified Description: The issue is related to a SQL injection vulnerability in PostgreSQL extensions that use specific constructs @extowner@, @extschema@, or @extschema:...@ inside quoting constructs dollar...

PT-2023-5455 · Unknown · Phppgadmin

Name of the Vulnerable Software and Affected Versions: phpPgAdmin versions 7.14.4 and earlier Description: The issue is related to the unserialize function in the phpPgAdmin web tool for administering PostgreSQL databases, which is vulnerable due to shortcomings in the deserialization mechanism...

PT-2023-4423 · Unknown +9 · Postgresql +8

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 15 and later Description: A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies...

Rudder Server SQL Injection / Remote Code Execution Exploit

This Metasploit module exploits a SQL injection vulnerability in RudderStack's rudder-server, an open source Customer Data Platform CDP. The vulnerability exists in versions of rudder-server prior to 1.3.0-rc.1. By exploiting this flaw, an attacker can execute arbitrary SQL commands, which may le...

Rudder Server SQLI Remote Code Execution

This Metasploit module exploits a SQL injection vulnerability in RudderStack's rudder-server, an open source Customer Data Platform CDP. The vulnerability exists in versions of rudder-server prior to 1.3.0-rc.1. By exploiting this flaw, an attacker can execute arbitrary SQL commands, which may le...

postgresql: schema_element defeats protective search_path changes

A flaw was found in PostgreSQL. Certain database calls could permit an attacker with elevated database-level privileges to execute arbitrary code...

Moderate: Red Hat Security Advisory: postgresql:15 security update

An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

postgresql: row security policies disregard user ID changes after inlining.

A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user a...

Rudder Server SQL Injection / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rudder Server SQLI Remote Code Execution', 'Description' = %q This Metasploit module exploits a SQL injection vulnerability in RudderStack's...

ALSA-2023:4327 Moderate: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...

RHEL 9 : postgresql:15 (RHSA-2023:4327)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4327 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective...

Moderate: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...

Security Bulletin: Vulnerabilities in Golang, Python, postgresql, cURL libcurl might affect IBM Spectrum Copy Data Management

Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in Golang Go, Python, PostgreSQL and cURL libcurl. Vulnerabilities include executing in the victim's Web browser within the security context of the hosting site, executing arbitrary code as the bootstrap superuser on the...

postgresql: schema_element defeats protective search_path changes

A flaw was found in PostgreSQL. Certain database calls could permit an attacker with elevated database-level privileges to execute arbitrary code...

postgresql: row security policies disregard user ID changes after inlining.

A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user a...

Moderate: Red Hat Security Advisory: rh-postgresql12-postgresql security update

An update for rh-postgresql12-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...