13187 matches found

IBM Security Bulletins
added 2022/09/14 3:34 p.m. | 68 views

Security Bulletin: Due to use of PostgreSQL JDBC Driver, IBM Cloud PAK for Watson AI Ops is vulnerable to SQL Injection (CVE-2022-31197)

Summary: PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database-independent Java code. The PgJDBC implementation of the java.sql.ResultRow.refreshRow method is not performing escaping of column names so a malicious column name that...

AI score: 7.9 | EPSS: 0.01662
Exploits: 1 | Affected Software: 1

OSV
added 2022/09/14 4:25 a.m. | 4 views

SUSE-SU-2022:3269-1 Security update for postgresql14

This update for postgresql14 fixes the following issues: - Upgrade to version 14.5: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension bsc1202368. - Upgrade to version 14.4 bsc1200437 - Release notes:...

CVSS: 8 | AI score: 8.1 | EPSS: 0.01465
Exploits: 0 | References: 5

Amazon
added 2022/09/13 12:0 a.m. | 37 views

Important: postgresql

Issue Overview: A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.11726
Exploits: 0

Rapid7 Blog
added 2022/09/12 2:43 p.m. | 35 views

InsightVM: Best Practices to Improve Your Console

Over the years, our recommendations and best practices for the InsightVM console have changed with the improvements and updates we’ve made to the system. Here are some of the most common improvements to help you get the most out of your InsightVM console in 2022. Ensure everything is up to date T...

AI score: 7.3
Exploits: 0

Microsoft CVE
added 2022/09/08 7:0 a.m. | 2 views

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.

...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.11726
Exploits: 0

Tenable Nessus
added 2022/09/08 12:0 a.m. | 28 views

RHEL 9 : postgresql (RHSA-2022:4771)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4771 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream version:...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.11726
Exploits: 0 | References: 4

Ubuntu
added 2022/09/06 9:23 a.m. | 76 views

USN-5238-1: PostgreSQL JDBC Driver vulnerability

It was discovered that PostgreSQL JDBC Driver incorrectly handled certain requests from external entities. A remote attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code...

CVSS: 7.7 | AI score: 7.8 | EPSS: 0.04076
Exploits: 0

OSV
added 2022/09/06 9:23 a.m. | 2 views

USN-5238-1 libpgjava vulnerability

It was discovered that PostgreSQL JDBC Driver incorrectly handled certain requests from external entities. A remote attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code...

CVSS: 7.7 | AI score: 7.4 | EPSS: 0.04076
Exploits: 0 | References: 2

Tenable Nessus
added 2022/09/06 12:0 a.m. | 29 views

Amazon Linux 2022 : postgresql14, postgresql14-contrib, postgresql14-llvmjit (ALAS2022-2022-124)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-124 advisory. A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH...

CVSS: 8.8 | AI score: 7.6 | EPSS: 0.11726
Exploits: 0 | References: 3

NVD
added 2022/09/02 1:15 p.m. | 33 views

CVE-2022-36076

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added and later checked a nonce was inadvertently rendered opt-i...

CVSS: 8.8 | EPSS: 0.00443
Exploits: 1 | References: 3

Prion
added 2022/09/02 1:15 p.m. | 18 views

Code injection

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added and later checked a nonce was inadvertently rendered opt-i...

CVSS: 5.1 | AI score: 7.4 | EPSS: 0.00443
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2022/09/02 12:30 p.m. | 41 views

CVE-2022-36076 Account takeover via SSO plugins in NodeBB

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added and later checked a nonce was inadvertently rendered opt-i...

CVSS: 8.8 | AI score: 8.3 | EPSS: 0.00443
Exploits: 1 | References: 3

Tenable Nessus
added 2022/09/02 12:0 a.m. | 39 views

SUSE SLES15 Security Update : postgresql12 (SUSE-SU-2022:2988-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2988-1 advisory. - A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the abili...

CVSS: 8 | AI score: 7.2 | EPSS: 0.01465
Exploits: 0 | References: 5

OSV
added 2022/09/01 12:25 p.m. | 5 views

SUSE-SU-2022:2989-1 Security update for postgresql14

This update for postgresql14 fixes the following issues: - Upgrade to version 14.5: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension bsc1202368. - Upgrade to version 14.4 bsc1200437 - Release notes:...

CVSS: 8 | AI score: 8.1 | EPSS: 0.01465
Exploits: 0 | References: 5

OSV
added 2022/09/01 12:22 p.m. | 8 views

SUSE-SU-2022:2988-1 Security update for postgresql12

This update for postgresql12 fixes the following issues: - Update to 12.12: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension bsc1202368...

CVSS: 8 | AI score: 8 | EPSS: 0.01465
Exploits: 0 | References: 4

Tenable Nessus
added 2022/09/01 12:0 a.m. | 34 views

SUSE SLES15 Security Update : postgresql10 (SUSE-SU-2022:2946-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2946-1 advisory. - A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the abili...

CVSS: 8 | AI score: 7.2 | EPSS: 0.01465
Exploits: 0 | References: 4

OSV
added 2022/08/31 4:15 p.m. | 2 views

AZL-10826 CVE-2022-1552 affecting package postgresql for versions less than 14.5-1

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or no...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.11726
Exploits: 0 | References: 1

OSV
added 2022/08/31 4:15 p.m. | 1 views

DEBIAN-CVE-2022-1552

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or no...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.11726
Exploits: 0 | References: 1

OSV
added 2022/08/31 4:15 p.m. | 2 views

ALPINE-CVE-2022-1552

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or no...

CVSS: 8.8 | AI score: 7.8 | EPSS: 0.11726
Exploits: 0 | References: 1

NVD
added 2022/08/31 4:15 p.m. | 18 views

CVE-2022-1552

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or no...

CVSS: 8.8 | EPSS: 0.11726
Exploits: 0 | References: 6