rpm package
suse/postgresql15&distro=SUSE Linux Enterprise Real Time 15 SP3
pkg:rpm/suse/postgresql15&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-2455 | — | < 15.3-150200.5.9.1 | 15.3-150200.5.9.1 | Jun 9, 2023 | Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happe | ||
| CVE-2023-2454 | — | < 15.3-150200.5.9.1 | 15.3-150200.5.9.1 | Jun 9, 2023 | schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code. | ||
| CVE-2022-41862 | — | < 15.2-150200.5.6.1 | 15.2-150200.5.6.1 | Mar 3, 2023 | In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. |
- CVE-2023-2455Jun 9, 2023affected < 15.3-150200.5.9.1fixed 15.3-150200.5.9.1
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happe
- CVE-2023-2454Jun 9, 2023affected < 15.3-150200.5.9.1fixed 15.3-150200.5.9.1
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
- CVE-2022-41862Mar 3, 2023affected < 15.2-150200.5.6.1fixed 15.2-150200.5.6.1
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.