SUSE-SU-2023:2199-1 Security update for postgresql12
This update for postgresql12 fixes the following issues: Updated to version 12.15: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). - CVE-2023-2455: Fixed an issue that coul...
SUSE-SU-2023:2198-1 Security update for postgresql12
This update for postgresql12 fixes the following issues: Updated to version 12.15: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). - CVE-2023-2455: Fixed an issue that coul...
[SECURITY] [DLA 3422-1] postgresql-11 security update
Debian LTS Advisory DLA-3422-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 15, 2023 https://wiki.debian.org/LTS -...
Debian: Security Advisory (DSA-5401-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
postgresql-jdbc security update
42.2.27-1 - rebase to 42.2.27 - fix for CVE-2022-41946...
DLA-3422-1 postgresql-11 - security update
Bulletin has no description...
Debian dla-3422 : libecpg-compat3 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3422 advisory. Debian LTS Advisory DLA-3422-1 [email protected]...
Oracle Linux 9 : postgresql-jdbc (ELSA-2023-2378)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-2378 advisory. 42.2.27-1 - rebase to 42.2.27 - fix for CVE-2022-41946 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
SUSE CVE-2023-2454
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code...
SUSE CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...
PostgreSQL 11.x < 11.20 / 12.x < 12.15 / 13.x < 13.11 / 14.x < 14.8 / 15.x < 15.3 Multiple Vulnerabilities
The version of PostgreSQL installed on the remote host is 11 prior to 11.20, 12 prior to 12.15, 13 prior to 13.11, 14 prior to 14.8, or 15 prior to 15.3. As such, it is potentially affected by multiple vulnerabilities: - CREATE SCHEMA ... schema_element defeats protective search_path changes...
AlmaLinux 9 : postgresql-jdbc (ALSA-2023:2378)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2023:2378 advisory. - pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setText(int, InputStream) or...
Debian DSA-5401-1 : postgresql-13 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5401 advisory. Two security issues were found in PostgreSQL, which may result in privilege escalation or incorrect policy enforcement. For the stable distribution bullseye, thes...
CVE-2023-32305
aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the...
Privilege escalation
aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the...
CVE-2023-32305
CVE-2023-32305 affects the PostgreSQL extension aiven-extras. The root cause is missing schema qualifiers on privileged functions called by the extension, allowing a low-privilege user to create objects that collide with existing function names and have them executed, enabling escalation to the ...
CVE-2023-32305 aiven-extras PostgreSQL Privilege Escalation Through Overloaded Search Path
aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the...
SDG PnPSCADA
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: SDG Technologies Equipment: PnPSCADA Vulnerabilities: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to interact with the database and retrieve...
CVE-2023-1934
The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and...