Vulnerability in core server (CVE-2023-2455)

Row security policies disregard user ID changes after inlining While CVE-2016-2193 fixed most interaction between row security and user ID changes, it missed a scenario involving function inlining. This leads to potentially incorrect policies being applied in cases where role-specific policies ar...

PostgresNIO processes unencrypted bytes from man-in-the-middle

Impact Any user of PostgresNIO connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The remaining text in this section is quoted verbatim fr...

PT-2023-2996 · Unknown +11 · Postgresql +10

Name of the Vulnerable Software and Affected Versions: PostgreSQL affected versions not specified Description: The issue is related to row security policies in PostgreSQL, which can be disregarded when user ID changes occur after inlining. This can lead to incorrect policies being applied,...

PT-2023-3148 · Unknown +11 · Postgresql +10

Name of the Vulnerable Software and Affected Versions: PostgreSQL affected versions not specified Description: The issue is related to a component of the PostgreSQL database management system, specifically the Schema Handler, which has inadequate access control. This can allow a remote attacker...

CVE-2023-31136

PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and...

CVE-2023-31136

The CVE-2023-31136 entry concerns PostgresNIO prior to 1.14.2, where a MITM attacker could inject false responses to initial queries over TLS. The connected documents reinforce that the core issue is a MITM-like behavior when establishing a TLS-enabled PostgreSQL connection; PostgresNIO fixes beg...

Moderate: Red Hat Security Advisory: postgresql-jdbc security update

An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions

A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setTextint, InputStream and PreparedStatemet.setByteaint, InputStream. This could allow a user to create an unexpected file available to all users, which could end in unexpected...

PostgresNIO 安全漏洞

PostgresNIO is a Swift client for PostgreSQL. A security vulnerability exists in PostgresNIO versions prior to 1.14.2. An attacker exploited the vulnerability to perform a man-in-the-middle attack...

ALSA-2023:2378 Moderate: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file...

Moderate: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file...

postgresql-support.de Cross Site Scripting vulnerability OBB-3293416

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in PostgreSQL

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of PostgreSQL. Vulnerability Details CVEID:CVE-2022-41862 DESCRIPTION: PostgreSQL could allow a remote attacker to obtain sensitive information, caused by a client memory disclosure flaw. By sending an...

CVE-2023-2291

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...

CVE-2023-2291

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...

Cross site scripting

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...

多款ZOHO产品安全漏洞

ZOHO ManageEngine Password Manager Pro and so on are products of ZOHO USA.ZOHO ManageEngine Password Manager Pro is a password manager.ZOHO ManageEngine Access Manager Plus is a password manager. ZOHO ManageEngine PAM360 is a complete PAM software. A security vulnerability exists in ManageEngine...

CVE-2023-2291

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...

CVE-2023-2291

CVE-2023-2291 affects ManageEngine products: Access Manager Plus (AMP) in build 4309, Password Manager Pro, and PAM360. The root cause is static credentials stored in PostgreSQL data, which could allow a low-privilege user to modify configuration data and escalate to Administrative privileges. Th...

CVE-2023-2291

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...