32 matches found
Moderate: postgresql:10 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...
Moderate: postgresql:13 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...
ALSA-2023:4539 Moderate: postgresql:10 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...
Oracle Linux 9 : 15 (ELSA-2023-4327)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-4327 advisory. pgaudit pgrepack postgres-decoderbufs postgresql 15.3-1 - update to 15.3 - Fixes CVE-2023-2454 and CVE-2023-2455 Resolves: 2214875 Tenable has extracte...
ALSA-2023:4327 Moderate: postgresql:15 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...
RHEL 9 : postgresql:15 (RHSA-2023:4327)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4327 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective...
postgresql: schema_element defeats protective search_path changes
A flaw was found in PostgreSQL. Certain database calls could permit an attacker with elevated database-level privileges to execute arbitrary code...
Moderate: Red Hat Security Advisory: rh-postgresql12-postgresql security update
An update for rh-postgresql12-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: postgresql security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...
CVE-2023-2454
CVE-2023-2454 concerns PostgreSQL; a flaw in schema_element defeats protective search_path changes could allow an authenticated user with database-level privileges to run arbitrary code. This has been observed in multiple advisories (including Astra Linux and Amazon Linux 2 notes) and is linked t...
Updated postgresql packages fix security vulnerability
CREATE SCHEMA ... schemaelement defeats protective searchpath changes. CVE-2023-2454 Row security policies disregard user ID changes after inlining. CVE-2023-2455...
SUSE SLES12: postgresql12 / postgresql12-contrib / postgresql12-devel / etc (SUSE-SU-2023:2200-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2200-1 advisory. Updated to version 12.15: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the...