PostgreSQL security flaws

Overview :

Multiple flaws was discovered in postgresql

Affected Product(s) :

postgresql 9.4 – 11
postgresql 11.x before 11.5

Vulnerability Details :

CVE ID :	CVE-2019-10208
	A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.
CVE ID :	CVE-2019-10209
	Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.

Solution :

All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shutdown PostgreSQL and update its binaries.

Users who have skipped one or more update releases may need to run additional, post-update steps; please see the release notes for earlier versions for details.

PostgreSQL 9.4 will stop receiving fixes on February 13, 2020. Please see our versioning policy for more information.

PostgreSQL security flaws

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-12867 : ARCTIC SECURITY ARCTIC HUB UP TO 5.5.1872 CONFIGURATION SERVER-SIDE REQUEST FORGERY

CVE-2024-12840 : RED HAT SATELLITE HTTP PROXY SERVER-SIDE REQUEST FORGERY

CVE-2024-51466 : IBM COGNOS ANALYTICS UP TO 11.2.4 FP4/12.0.4 EL EXPRESSION LANGUAGE INJECTION