PostgreSQL security flaws

http://childpsychiatryassociates.com/where-to-start/ Overview :

Multiple flaws was discovered in postgresql

Titao Affected Product(s) :

postgresql 9.4 – 11
postgresql 11.x before 11.5

Vulnerability Details :

CVE ID :	CVE-2019-10208
	A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.
CVE ID :	CVE-2019-10209
	Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.

Solution :

All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shutdown PostgreSQL and update its binaries.

Users who have skipped one or more update releases may need to run additional, post-update steps; please see the release notes for earlier versions for details.

PostgreSQL 9.4 will stop receiving fixes on February 13, 2020. Please see our versioning policy for more information.

PostgreSQL security flaws

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2023-4291 : Frauscher Sensortechnik FDS101 For FAdC 1.4.24 Code Injection

CVE-2023-2163 : Linux Kernel 5.4 BPF kernel/bpf/verifier.c backtrack_insn calculation

CVE-2023-42454 : SQLpage Up To 0.11.0 Database Connection String sqlpage/sqlpage.json Information Disclosure