RHEL 9 : postgresql (RHSA-2023:3714)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3714 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: schema_element defeats protective...
ALSA-2023:3780 Important: python27:2.7 security update
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...
Important: python27:2.7 security update
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...
Moderate: Red Hat Security Advisory: postgresql security update
An update for postgresql is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
postgresql: schema_element defeats protective search_path changes
A flaw was found in PostgreSQL. Certain database calls could permit an attacker with elevated database-level privileges to execute arbitrary code...
postgresql: row security policies disregard user ID changes after inlining.
A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user a...
ALSA-2023:3714 Moderate: postgresql security update
PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: schema_element defeats protective search_path changes (CVE-2023-2454); postgresql: row security policies disregard user ID changes after inlining (CVE-2023-2455). For more details about the security...
Moderate: postgresql security update
PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: schema_element defeats protective search_path changes (CVE-2023-2454); postgresql: row security policies disregard user ID changes after inlining (CVE-2023-2455). For more details about the security...
Security Bulletin: Vulnerabilities in cURL libcurl, PostgreSQL, PyPI cryptography, Node.js can affect IBM Spectrum Protect Plus
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in cURL libcurl, PostgreSQL, PyPI cryptography, and Node.js. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, and bypassing security restrictions, as described by the CVEs in the...
The vulnerability of the PostgreSQL database management system, related to deficiencies in access control, allows attackers to enhance their privileges and execute arbitrary code.
The vulnerability of the SchemaHandler component in the PostgreSQL database management system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to enhance their privileges and execute arbitrary code using the CREATE SCHEMA command...
SQL Injection
github.com/megaease/easeprobe is vulnerable to SQL injection. The vulnerability is due to a lack of escaping single quote, double quote, and backtick when using the MySQL/PostgreSQL data checking, which allows an attacker to inject and execute malicious SQL queries into the system...
Security Bulletin: Vulnerabilities in Golang, Python, postgresql, cURL libcurl might affect IBM Spectrum Copy Data Management
Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in Golang Go, Python, PostgreSQL and cURL libcurl. Vulnerabilities include viewing arbitrary files on the system, consuming all available resources, causing the system to crash, obtaining sensitive information, an...
CVE-2023-30625 rudder-server vulnerable to SQL Injection
rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) because the rudder role in PostgreSQL has superuser permissions by default. Version...
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...
PT-2023-22822 · Unknown · Postgresql +1
Name of the Vulnerable Software and Affected Versions: rudder-server versions prior to 1.3.0-rc.1. Description: The issue is related to SQL injection, which may lead to Remote Code Execution (RCE) because the rudder role in PostgreSQL has superuser permissions by default. Recommendations: For...
PT-2023-21375 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost, affected versions not specified. Description: Mattermost fails to properly truncate the postgres error log message of a search query failure, allowing an attacker to cause the creation of large log files, which can result in Denial ...
Mattermost Resource Management Error Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a resource management error vulnerability that stems from an inability to properly truncate postgres error log messages for failed search queries, which can be exploited by an...
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to arbitrary code execution due to PostgreSQL (CVE-2023-2454)
Summary: There is a vulnerability in PostgreSQL used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2023-2454. DESCRIPTION: PostgreSQL could allow a local authenticated attacke...
DEBIAN-CVE-2023-2454
schema_element defeats protective search_path changes; it was found that certain database calls in PostgreSQL could permit an authenticated attacker with elevated database-level privileges to execute arbitrary code...
ALPINE-CVE-2023-2454
schema_element defeats protective search_path changes; it was found that certain database calls in PostgreSQL could permit an authenticated attacker with elevated database-level privileges to execute arbitrary code...