PostgreSQL is vulnerable to authorization bypass. An attacker is able to bypass client-side connection security features to escalate privileges and execute arbitrary SQL statements. This is due to the failure of the client library to properly reset its internal state between connections, which causes the PQescape() function to malfunction.
lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
www.securityfocus.com/bid/105054
www.securitytracker.com/id/1041446
access.redhat.com/errata/RHSA-2018:2511
access.redhat.com/errata/RHSA-2018:2557
access.redhat.com/errata/RHSA-2018:2565
access.redhat.com/errata/RHSA-2018:2566
access.redhat.com/errata/RHSA-2018:2643
access.redhat.com/errata/RHSA-2018:2721
access.redhat.com/errata/RHSA-2018:2729
access.redhat.com/errata/RHSA-2018:3816
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10915
lists.debian.org/debian-lts-announce/2018/08/msg00012.html
security.gentoo.org/glsa/201810-08
usn.ubuntu.com/3744-1/
www.debian.org/security/2018/dsa-4269
www.postgresql.org/about/news/1878/