Autovacuum, REINDEX, and others omit “security restricted operation” sandbox (CVE-2022-1552) Extension scripts replace objects not belonging to the extension (CVE-2022-2625)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchpostgresql11< 11.17-1postgresql11-11.17-1.mga8
Mageia8noarchpostgresql13< 13.8-1postgresql13-13.8-1.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	postgresql11	< 11.17-1	postgresql11-11.17-1.mga8
Mageia	8	noarch	postgresql13	< 13.8-1	postgresql13-13.8-1.mga8

References

bugs.mageia.org/show_bug.cgi?id=30739

www.postgresql.org/about/news/postgresql-145-138-1212-1117-1022-and-15-beta-3-released-2496/

www.postgresql.org/support/security/CVE-2022-1552/

www.postgresql.org/support/security/CVE-2022-2625/

openvas 33

ibm 6

nessus 62

redhat 14

altlinux 17

osv 16

redhatcve 1

veracode 1

oraclelinux 5

almalinux 3

cve 1

suse 6

rocky 5

ubuntu 3

cloudfoundry 1

alpinelinux 2

nvd 1

centos 1

debian 3

ubuntucve 1

cbl_mariner 4

amazon 1

broadcom 1

freebsd 1

debiancve 2

kaspersky 2

mageia 1

redos 1

prion 2

cvelist 2

openvas

Mageia: Security Advisory (MGASA-2022-0313)

2022-08-29 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:2893-1)

2022-08-26 00:00:00

Debian: Security Advisory (DSA-5135-1)

2022-05-13 00:00:00

ibm

Security Bulletin: Vulnerabilities in PostgreSQL may affect IBM Spectrum Protect Plus (CVE-2022-2625, CVE-2022-1552, CVE-2021-3677)

2023-03-30 16:07:56

Security Bulletin: IBM Connect:Direct Web Services vulnerable to remote security bypass due to PostgreSQL (CVE-2022-1552)

2022-08-24 05:32:42

Security Bulletin: Vulnerability in PostgreSQL may affect IBM Elastic Storage System

2022-11-01 10:43:58

nessus

SUSE SLES15 Security Update : postgresql10 (SUSE-SU-2022:2893-1)

2022-08-26 00:00:00

CentOS 8 : postgresql:12 (CESA-2022:4807)

2022-05-31 00:00:00

SUSE SLES15 Security Update : postgresql12 (SUSE-SU-2022:1894-1)

2022-06-01 00:00:00

redhat

(RHSA-2022:4854) Important: postgresql:10 security update

2022-06-01 13:45:18

(RHSA-2022:4893) Important: postgresql:12 security update

2022-06-02 23:57:20

(RHSA-2022:4895) Important: postgresql:10 security update

2022-06-02 23:56:57

altlinux

Security fix for the ALT Linux 9 package postgresql10 version 10.21-alt0.M90P.1

2022-05-18 00:00:00

Security fix for the ALT Linux 10 package postgresql15 version 14.3-alt1

2022-05-11 00:00:00

Security fix for the ALT Linux 10 package postgresql10 version 10.21-alt1

2022-05-13 00:00:00

osv

Important: postgresql security update

2022-05-30 07:19:50

postgresql-9.5 vulnerability

2022-10-13 19:29:16

Important: postgresql:10 security update

2022-05-30 11:39:32

redhatcve

CVE-2022-1552

2022-05-13 10:26:11

veracode

SQL Injection

2022-05-16 15:11:30

oraclelinux

postgresql:10 security update

2022-06-01 00:00:00

postgresql security update

2022-06-22 00:00:00

postgresql security update

2022-06-30 00:00:00

almalinux

Important: postgresql:12 security update

2022-05-31 07:56:56

Important: postgresql:10 security update

2022-05-30 11:39:32

Moderate: postgresql:12 security update

2022-10-25 00:00:00

cve

CVE-2022-1552

2022-08-31 16:15:09

suse

Security update for postgresql12 (important)

2022-05-31 00:00:00

Security update for postgresql10 (important)

2022-05-31 00:00:00

Security update for postgresql13 (important)

2022-05-31 00:00:00

rocky

postgresql:10 security update

2022-05-30 11:39:32

postgresql:13 security update

2022-06-01 13:45:22

postgresql security update

2022-05-30 07:19:50

ubuntu

PostgreSQL vulnerability

2022-10-13 00:00:00

PostgreSQL vulnerability

2022-05-24 00:00:00

PostgreSQL vulnerability

2022-08-18 00:00:00

cloudfoundry

USN-5440-1: PostgreSQL vulnerability | Cloud Foundry

2022-07-28 00:00:00

alpinelinux

CVE-2022-1552

2022-08-31 16:15:09

CVE-2022-2625

2022-08-18 19:15:14

nvd

CVE-2022-1552

2022-08-31 16:15:09

centos

postgresql security update

2022-08-02 19:22:33

debian

[SECURITY] [DSA 5135-1] postgresql-11 security update

2022-05-12 19:28:08

[SECURITY] [DSA 5136-1] postgresql-13 security update

2022-05-12 19:28:35

[SECURITY] [DLA 3072-1] postgresql-11 security update

2022-08-11 16:01:45

ubuntucve

CVE-2022-1552

2022-05-12 00:00:00

cbl_mariner

CVE-2022-1552 affecting package postgresql 12.8-1

2022-10-13 00:40:15

CVE-2022-1552 affecting package postgresql for versions less than 14.5-1

2022-10-05 23:33:47

CVE-2022-2625 affecting package postgresql 12.8-1

2022-10-13 00:40:15

amazon

Important: postgresql

2022-09-01 21:09:00

broadcom

CVE-2022-1552 : Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

2023-05-19 00:00:00

freebsd

PostgreSQL Server -- execute arbitrary SQL code as DBA user

2022-05-11 00:00:00

debiancve

CVE-2022-1552

2022-08-31 16:15:09

CVE-2022-2625

2022-08-18 19:15:14

kaspersky

KLA12537 PE vulnerability in PostgreSQL

2022-05-12 00:00:00

KLA15718 RCE vulnerability in PostgreSQL

2022-08-11 00:00:00

mageia

Updated postgresql packages fix security vulnerability

2022-05-22 16:36:26

redos

ROS-20220530-02

2022-05-30 00:00:00

prion

Design/Logic Flaw

2022-08-31 16:15:00

Design/Logic Flaw

2022-08-18 19:15:00

cvelist

CVE-2022-1552

2022-08-31 00:00:00

CVE-2022-2625

2022-08-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

69.7%

JSON

Related for MGASA-2022-0313