SUSE SLES12 Security Update : postgresql14 (SUSE-SU-2022:1874-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1874-1 advisory. - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another...
CVE-2022-1552
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or no...
Vulnerability in core server (CVE-2022-1552)
Autovacuum, REINDEX, and others omit "security restricted operation" sandbox. Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck made incomplete efforts to operate safely when a privileged user is maintaining another user's objects. Those commands activated releva...
IBM DB2 Information Disclosure Vulnerability (CNVD-2021-99983)
IBM DB2 is a relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A security vulnerability exists in IBM DB2 for Linux, UNIX, and Windows including DB2 Connect Server...
EulerOS 2.0 SP3 : postgresql (EulerOS-SA-2021-1833)
According to the version of the postgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker havi...
EulerOS Virtualization 3.0.2.6 : postgresql (EulerOS-SA-2021-1448)
According to the version of the postgresql package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An...
EulerOS Virtualization 3.0.6.6 : postgresql (EulerOS-SA-2021-1511)
According to the version of the postgresql packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. A...
Important: postgresql95, postgresql96
Issue Overview: A flaw was found in postgresql. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text...
Debian DLA-2478-1 : postgresql-9.6 security update
Several vulnerabilities have been found in the PostgreSQL database system. CVE-2020-25694 Peter Eisentraut found that database reconnections may drop options from the original connection, such as encryption, which could lead to information disclosure or a man-in-the-middle attack. CVE-2020-25695...
[SECURITY] [DLA 2478-1] postgresql-9.6 security update
Debian LTS Advisory DLA-2478-1 https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 02, 2020 https://wiki.debian.org/LTS -...
Malicious Code Execution
postgresql is vulnerable to malicious code execution. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as...
CVE-2020-25695
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...
Debian DLA-2331-1 : postgresql-9.6 security update
Andres Freund found an issue in the PostgreSQL database system where an uncontrolled search path could allow users to run arbitrary SQL functions with elevated privileges when a superuser runs certain 'CREATE EXTENSION' statements. For Debian 9 stretch, this problem has been fixed in version...
File system access via H2 in Apache Ignite
Apache Ignite uses the H2 database to build its distributed SQL execution engine. H2 provides SQL functions which could be used by an attacker to access the filesystem...
GHSA-5WM5-8Q42-RHXG File system access via H2 in Apache Ignite
Apache Ignite uses the H2 database to build its distributed SQL execution engine. H2 provides SQL functions which could be used by an attacker to access the filesystem...
Arbitrary File Access
ignite-indexing is vulnerable to arbitrary file access. The vulnerability exists as the access to the filesystem with read and write ability is possible through embedded H2 SQL functions...
CVE-2020-1963
Apache Ignite uses the H2 database to build its distributed SQL execution engine. H2 provides SQL functions which could be used by an attacker to access the filesystem...
Denial Of Service (DoS)
postgresql is vulnerable to denial of service. Two flaws were found in the way the PostgreSQL server handles certain SQL-language functions. An authenticated user could execute a sequence of commands which could crash the PostgreSQL server or possibly read from arbitrary memory locations. A user...