VYPR

rpm package

suse/postgresql15&distro=SUSE Linux Enterprise Server 12 SP4-LTSS

pkg:rpm/suse/postgresql15&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS

Vulnerabilities (3)

  • CVE-2023-2455Jun 9, 2023
    affected < 15.3-3.9.1fixed 15.3-3.9.1

    Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happe

  • CVE-2023-2454Jun 9, 2023
    affected < 15.3-3.9.1fixed 15.3-3.9.1

    schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.

  • CVE-2022-41862Mar 3, 2023
    affected < 15.2-3.6.1fixed 15.2-3.6.1

    In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.