postgresql-jdbc security update
42.2.14-2 - Fix CVE-2022-41946...
PnPSCADA 2.x SQL Injection
Exploit Title: PnPSCADA v2.x - Unauthenticated PostgreSQL Injection Date: 15/5/2023 Exploit Author: Momen Eldawakhly Cyber Guy at Samurai Digital Security Ltd Vendor Homepage: https://pnpscada.com/ Version: PnPSCADA cross platforms: v2.x Tested on: Unix CVE : CVE-2023-1934 Proof-of-Concept:...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : PostgreSQL vulnerabilities (USN-6104-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6104-1 advisory. Alexander Lakhin discovered that PostgreSQL incorrectly handled certain CREATE privileges. An authenticated user could...
Oracle Linux 8 : postgresql-jdbc (ELSA-2023-2867)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2867 advisory. 42.2.14-2 - Fix CVE-2022-41946 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...
PnPSCADA v2.x - Unauthenticated PostgreSQL Injection
Exploit Title: PnPSCADA v2.x - Unauthenticated PostgreSQL Injection Date: 15/5/2023 Exploit Author: Momen Eldawakhly Cyber Guy at Samurai Digital Security Ltd Vendor Homepage: https://pnpscada.com/ Version: PnPSCADA cross platforms: v2.x Tested on: Unix CVE : CVE-2023-1934 Proof-of-Concept:...
PT-2023-21096 · Microengine · Microengine Mailform
Name of the Vulnerable Software and Affected Versions: MicroEngine Mailform versions 1.1.0 through 1.1.8 PostgreSQL affected versions not specified Description: The issue allows for the unrestricted upload of files with dangerous types. If the file upload function and server save option are...
PnPSCADA v2.x - Unauthenticated PostgreSQL Injection Vulnerability
Exploit Title: PnPSCADA v2.x - Unauthenticated PostgreSQL Injection Exploit Author: Momen Eldawakhly Cyber Guy at Samurai Digital Security Ltd Vendor Homepage: https://pnpscada.com/ Version: PnPSCADA cross platforms: v2.x Tested on: Unix CVE : CVE-2023-1934 Proof-of-Concept:...
AlmaLinux 8 : postgresql-jdbc (ALSA-2023:2867)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:2867 advisory. - pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setText(int, InputStream) or...
CVE-2020-25695 - Multiple features escape "security restricted operation" sandbox
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...
CVE-2022-1552 : Autovacuum, REINDEX, and others omit "security restricted operation" sandbox
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or no...
CVE-2018-1053 - Ensure that all temporary files made with "pg_upgrade" are non-world-readable
In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of pg_dumpall -g under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which...
CVE-2018-16850 - SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER ... REFERENCING.
postgresql before versions 11.1, 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges. More at:...
Security Bulletin: IBM Security Verify Information Queue has multiple third-party library vulnerabilities
Summary IBM Security Verify Information Queue (ISIQ) v10.0.5 has remediated vulnerabilities in the third-party libraries that it uses. Vulnerability Details CVEID: CVE-2022-41946 DESCRIPTION: Postgresql JDBC could allow a local authenticated attacker to obtain sensitive information, caused by not...
CVE-2023-2455
A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user a...
CVE-2023-2454
A flaw was found in PostgreSQL. Certain database calls could permit an attacker with elevated database-level privileges to execute arbitrary code. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...
SUSE-SU-2023:2219-1 Security update for postgresql13
This update for postgresql13 fixes the following issues: Updated to version 13.11: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). - CVE-2023-2455: Fixed an issue that coul...
Moderate: Red Hat Security Advisory: postgresql-jdbc security update
An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions
A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setText(int, InputStream) and PreparedStatement.setBytea(int, InputStream). This could allow a user to create an unexpected file available to all users, which could end in unexpected...
ALSA-2023:2867 Moderate: postgresql-jdbc security update
PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file...
Debian: Security Advisory (DLA-3422-1)
The remote host is missing an update for the Debian...