Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-5868 (GCVE-0-2023-5868)
Vulnerability from cvelistv5 – Published: 2023-12-10 17:56 – Updated: 2026-06-23 17:19
VLAI
EPSS
Title
Postgresql: memory disclosure in aggregate function calls
Summary
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-686 - Function Call With Incorrect Argument Type
Assigner
References
27 references
Impacted products
34 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Advanced Cluster Security 4.2 |
Unaffected:
4.2.4-6 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.2::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.2 |
Unaffected:
4.2.4-7 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.2::el8 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
8090020231114113712.a75119d5 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
8090020231128173330.a75119d5 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
8090020231114113548.a75119d5 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
8020020231128165246.4cda2c84 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.2::appstream cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/a:redhat:rhel_e4s:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Telecommunications Update Service |
Unaffected:
8020020231128165246.4cda2c84 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.2::appstream cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/a:redhat:rhel_e4s:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions |
Unaffected:
8020020231128165246.4cda2c84 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.2::appstream cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/a:redhat:rhel_e4s:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
8040020231127153301.522a0ee4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
8040020231127154806.522a0ee4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service |
Unaffected:
8040020231127153301.522a0ee4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service |
Unaffected:
8040020231127154806.522a0ee4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions |
Unaffected:
8040020231127153301.522a0ee4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions |
Unaffected:
8040020231127154806.522a0ee4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support |
Unaffected:
8060020231114115246.ad008a3a , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support |
Unaffected:
8060020231128165328.ad008a3a , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support |
Unaffected:
8080020231114105206.63b34585 , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support |
Unaffected:
8080020231128165335.63b34585 , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support |
Unaffected:
8080020231113134015.63b34585 , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:13.13-1.el9_3 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
9030020231120082734.rhel9 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Extended Update Support |
Unaffected:
0:13.13-1.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.0::appstream cpe:/a:redhat:rhel_eus:9.0::crb |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support |
Unaffected:
0:13.13-1.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.2::crb cpe:/a:redhat:rhel_eus:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support |
Unaffected:
9020020231115020618.rhel9 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.2::appstream |
|
| Red Hat | Red Hat Software Collections for Red Hat Enterprise Linux 7 |
Unaffected:
0:12.17-1.el7 , < *
(rpm)
cpe:/a:redhat:rhel_software_collections:3::el7 |
|
| Red Hat | Red Hat Software Collections for Red Hat Enterprise Linux 7 |
Unaffected:
0:13.13-1.el7 , < *
(rpm)
cpe:/a:redhat:rhel_software_collections:3::el7 |
|
| Red Hat | RHACS-3.74-RHEL-8 |
Unaffected:
3.74.8-9 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:3.74::el8 |
|
| Red Hat | RHACS-3.74-RHEL-8 |
Unaffected:
3.74.8-7 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:3.74::el8 |
|
| Red Hat | RHACS-4.1-RHEL-8 |
Unaffected:
4.1.6-6 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.1::el8 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Software Collections |
cpe:/a:redhat:rhel_software_collections:3 |
Date Public
2023-11-09 00:00
Credits
Upstream acknowledges Jingzhou Fu as the original reporter.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:25:50.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:7545",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7545"
},
{
"name": "RHSA-2023:7579",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7579"
},
{
"name": "RHSA-2023:7580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7580"
},
{
"name": "RHSA-2023:7581",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7581"
},
{
"name": "RHSA-2023:7616",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7616"
},
{
"name": "RHSA-2023:7656",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7656"
},
{
"name": "RHSA-2023:7666",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7666"
},
{
"name": "RHSA-2023:7667",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7667"
},
{
"name": "RHSA-2023:7694",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7694"
},
{
"name": "RHSA-2023:7695",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7695"
},
{
"name": "RHSA-2023:7714",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7714"
},
{
"name": "RHSA-2023:7770",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7770"
},
{
"name": "RHSA-2023:7772",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7772"
},
{
"name": "RHSA-2023:7784",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7784"
},
{
"name": "RHSA-2023:7785",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7785"
},
{
"name": "RHSA-2023:7883",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7883"
},
{
"name": "RHSA-2023:7884",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7884"
},
{
"name": "RHSA-2023:7885",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7885"
},
{
"name": "RHSA-2024:0304",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0304"
},
{
"name": "RHSA-2024:0332",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0332"
},
{
"name": "RHSA-2024:0337",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0337"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5868"
},
{
"name": "RHBZ#2247168",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247168"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240119-0003/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.postgresql.org/support/security/CVE-2023-5868/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5868",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T14:58:12.146891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T17:19:12.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.2::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
"product": "Red Hat Advanced Cluster Security 4.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.2.4-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.2::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-main-rhel8",
"product": "Red Hat Advanced Cluster Security 4.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.2.4-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.2::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-operator-bundle",
"product": "Red Hat Advanced Cluster Security 4.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.2.4-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.2::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
"product": "Red Hat Advanced Cluster Security 4.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.2.4-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.2::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
"product": "Red Hat Advanced Cluster Security 4.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.2.4-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:13",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8090020231114113712.a75119d5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8090020231128173330.a75119d5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:15",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8090020231114113548.a75119d5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream",
"cpe:/a:redhat:rhel_e4s:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020231128165246.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream",
"cpe:/a:redhat:rhel_e4s:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020231128165246.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream",
"cpe:/a:redhat:rhel_e4s:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020231128165246.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127153301.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:13",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127154806.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127153301.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:13",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127154806.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127153301.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:13",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127154806.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:13",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8060020231114115246.ad008a3a",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8060020231128165328.ad008a3a",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:13",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8080020231114105206.63b34585",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8080020231128165335.63b34585",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:15",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8080020231113134015.63b34585",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "postgresql",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:13.13-1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:15",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "9030020231120082734.rhel9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::appstream",
"cpe:/a:redhat:rhel_eus:9.0::crb"
],
"defaultStatus": "affected",
"packageName": "postgresql",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:13.13-1.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::crb",
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:13.13-1.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:15",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "9020020231115020618.rhel9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_software_collections:3::el7"
],
"defaultStatus": "affected",
"packageName": "rh-postgresql12-postgresql",
"product": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:12.17-1.el7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_software_collections:3::el7"
],
"defaultStatus": "affected",
"packageName": "rh-postgresql13-postgresql",
"product": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:13.13-1.el7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3.74::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
"product": "RHACS-3.74-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.74.8-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3.74::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-main-rhel8",
"product": "RHACS-3.74-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.74.8-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3.74::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-operator-bundle",
"product": "RHACS-3.74-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.74.8-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3.74::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
"product": "RHACS-3.74-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.74.8-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3.74::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
"product": "RHACS-3.74-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.74.8-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.1::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
"product": "RHACS-4.1-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.1.6-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.1::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-main-rhel8",
"product": "RHACS-4.1-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.1.6-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.1::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-operator-bundle",
"product": "RHACS-4.1-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.1.6-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.1::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
"product": "RHACS-4.1-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.1.6-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.1::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
"product": "RHACS-4.1-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.1.6-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "postgresql",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "postgresql",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "postgresql:10/postgresql",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "postgresql:16/postgresql",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "postgresql:16/postgresql",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_software_collections:3"
],
"defaultStatus": "affected",
"packageName": "rh-postgresql10-postgresql",
"product": "Red Hat Software Collections",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges Jingzhou Fu as the original reporter."
}
],
"datePublic": "2023-11-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with \u0027unknown\u0027-type arguments. Handling \u0027unknown\u0027-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-686",
"description": "Function Call With Incorrect Argument Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T05:21:09.981Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:7545",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7545"
},
{
"name": "RHSA-2023:7579",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7579"
},
{
"name": "RHSA-2023:7580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7580"
},
{
"name": "RHSA-2023:7581",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7581"
},
{
"name": "RHSA-2023:7616",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7616"
},
{
"name": "RHSA-2023:7656",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7656"
},
{
"name": "RHSA-2023:7666",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7666"
},
{
"name": "RHSA-2023:7667",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7667"
},
{
"name": "RHSA-2023:7694",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7694"
},
{
"name": "RHSA-2023:7695",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7695"
},
{
"name": "RHSA-2023:7714",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7714"
},
{
"name": "RHSA-2023:7770",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7770"
},
{
"name": "RHSA-2023:7772",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7772"
},
{
"name": "RHSA-2023:7784",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7784"
},
{
"name": "RHSA-2023:7785",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7785"
},
{
"name": "RHSA-2023:7883",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7883"
},
{
"name": "RHSA-2023:7884",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7884"
},
{
"name": "RHSA-2023:7885",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7885"
},
{
"name": "RHSA-2024:0304",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0304"
},
{
"name": "RHSA-2024:0332",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0332"
},
{
"name": "RHSA-2024:0337",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0337"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5868"
},
{
"name": "RHBZ#2247168",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247168"
},
{
"url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/"
},
{
"url": "https://www.postgresql.org/support/security/CVE-2023-5868/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-31T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-11-09T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Postgresql: memory disclosure in aggregate function calls",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-686: Function Call With Incorrect Argument Type"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-5868",
"datePublished": "2023-12-10T17:56:57.176Z",
"dateReserved": "2023-10-31T03:56:17.314Z",
"dateUpdated": "2026-06-23T17:19:12.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-5868",
"date": "2026-06-27",
"epss": "0.02775",
"percentile": "0.8455"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0\", \"versionEndExcluding\": \"11.22\", \"matchCriteriaId\": \"1D407A29-CAB0-425B-87B6-F2487FAE6B71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0\", \"versionEndExcluding\": \"12.17\", \"matchCriteriaId\": \"13B24306-F52A-47E4-A7E4-EA7E46F850EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0\", \"versionEndExcluding\": \"13.13\", \"matchCriteriaId\": \"AA77ED73-60C6-4666-9355-7C28CD774001\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0\", \"versionEndExcluding\": \"14.10\", \"matchCriteriaId\": \"7F2D30CB-C04F-4B6A-8E82-7DDC98B10D21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.0\", \"versionEndExcluding\": \"15.5\", \"matchCriteriaId\": \"E8883865-D864-497D-B39C-90D3ACC6A932\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"654E69F1-844B-4E32-9C3D-FA8032FB3A61\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"936B046D-ADEB-4701-8957-AC28CFA9C5C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56CE19E2-F92D-4C36-9319-E6CD4766D0D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"056DABF5-0C1D-4EBA-B02B-443BACB20D6F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"02F08DBD-4BD0-408D-B817-04B2EB82137E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDE46FD5-B415-49B7-BF2D-E76D068C3920\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09AAD850-019A-46B8-A5A1-845DE048D30A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4E39B04-D3E5-4106-8A8F-0C496FF9997F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86034E5B-BCDD-4AFD-A460-38E790F608F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F6967B4-C62B-4252-B5C3-50532B9EA3FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2ED1251-245C-4390-8964-DDCAD54A8957\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D7EE4B6-A6EC-4B9B-91DF-79615796673F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C3741B8-851F-475D-B428-523F4F722350\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62C31522-0A17-4025-B269-855C7F4B45C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DDA3E5A-8754-4C48-9A27-E2415F8A6000\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C74F6FA-FA6C-4648-9079-91446E45EE47\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F797F2E-00E6-4D03-A94E-524227529A0A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7F8A347-0ACE-40E4-BF7B-656D66DDB425\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32AF225E-94C0-4D07-900C-DD868C05F554\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B758EDC9-6421-422C-899E-A273D2936D8E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22C65F53-D624-48A9-A9B7-4C78A31E19F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CC06C2A-64A5-4302-B754-A4DC0E12FE7C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26041661-0280-4544-AA0A-BC28FCED4699\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"23D471AC-7DCA-4425-AD91-E5D928753A8C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9C30C59-07F7-4CCE-B057-052ECCD36DB8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F91F9255-4EE1-43C7-8831-D2B6C228BFD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62D3FD78-5B63-4A1B-B4EE-9B098844691E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99952557-C766-4B9E-8BF5-DBBA194349FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6897676D-53F9-45B3-B27F-7FF9A4C58D33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E28F226A-CBC7-4A32-BE58-398FA5B42481\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76C24D94-834A-4E9D-8F73-624AFA99AAA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F32CA554-F9D7-425B-8F1C-89678507F28C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B09ACF2D-D83F-4A86-8185-9569605D8EE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC10D919-57FD-4725-B8D2-39ECB476902F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1272DF03-7674-4BD4-8E64-94004B195448\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with \u0027unknown\u0027-type arguments. Handling \u0027unknown\u0027-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 una vulnerabilidad de divulgaci\\u00f3n de memoria en PostgreSQL que permite a usuarios remotos acceder a informaci\\u00f3n confidencial explotando ciertas llamadas a funciones agregadas con argumentos de tipo \\\"desconocido\\\". El manejo de valores de tipo \\\"desconocido\\\" de cadenas literales sin designaci\\u00f3n de tipo puede revelar bytes, lo que potencialmente revela informaci\\u00f3n importante y confidencial. Este problema existe debido a una salida excesiva de datos en llamadas a funciones agregadas, lo que permite a los usuarios remotos leer una parte de la memoria del sistema.\"}]",
"id": "CVE-2023-5868",
"lastModified": "2024-11-21T08:42:40.160",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}]}",
"published": "2023-12-10T18:15:07.163",
"references": "[{\"url\": \"https://access.redhat.com/errata/RHSA-2023:7545\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7579\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7580\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7581\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7616\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7656\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7666\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7667\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7694\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7695\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7714\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7770\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7772\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7784\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7785\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7883\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7884\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7885\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0304\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0332\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0337\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2023-5868\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2247168\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.postgresql.org/support/security/CVE-2023-5868/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7545\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7579\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7580\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7581\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7616\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7656\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7666\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7667\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7694\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7695\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7714\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7770\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7772\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7784\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7785\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7883\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7884\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7885\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0304\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0332\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0337\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2023-5868\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2247168\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240119-0003/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.postgresql.org/support/security/CVE-2023-5868/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-686\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-5868\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2023-12-10T18:15:07.163\",\"lastModified\":\"2026-06-23T18:17:37.457\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with \u0027unknown\u0027-type arguments. Handling \u0027unknown\u0027-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una vulnerabilidad de divulgaci\u00f3n de memoria en PostgreSQL que permite a usuarios remotos acceder a informaci\u00f3n confidencial explotando ciertas llamadas a funciones agregadas con argumentos de tipo \\\"desconocido\\\". El manejo de valores de tipo \\\"desconocido\\\" de cadenas literales sin designaci\u00f3n de tipo puede revelar bytes, lo que potencialmente revela informaci\u00f3n importante y confidencial. Este problema existe debido a una salida excesiva de datos en llamadas a funciones agregadas, lo que permite a los usuarios remotos leer una parte de la memoria del sistema.\"}],\"affected\":[{\"source\":\"secalert@redhat.com\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security 4.2\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"advanced-cluster-security/rhacs-central-db-rhel8\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.2::el8\"],\"versions\":[{\"version\":\"4.2.4-6\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security 4.2\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"advanced-cluster-security/rhacs-main-rhel8\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.2::el8\"],\"versions\":[{\"version\":\"4.2.4-6\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security 4.2\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"advanced-cluster-security/rhacs-operator-bundle\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.2::el8\"],\"versions\":[{\"version\":\"4.2.4-7\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security 4.2\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"advanced-cluster-security/rhacs-scanner-db-rhel8\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.2::el8\"],\"versions\":[{\"version\":\"4.2.4-6\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security 4.2\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"advanced-cluster-security/rhacs-scanner-db-slim-rhel8\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.2::el8\"],\"versions\":[{\"version\":\"4.2.4-7\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql:13\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::appstream\"],\"versions\":[{\"version\":\"8090020231114113712.a75119d5\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql:12\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::appstream\"],\"versions\":[{\"version\":\"8090020231128173330.a75119d5\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql:15\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::appstream\"],\"versions\":[{\"version\":\"8090020231114113548.a75119d5\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.2 Advanced Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql:12\",\"cpes\":[\"cpe:/a:redhat:rhel_tus:8.2::appstream\",\"cpe:/a:redhat:rhel_aus:8.2::appstream\",\"cpe:/a:redhat:rhel_e4s:8.2::appstream\"],\"versions\":[{\"version\":\"8020020231128165246.4cda2c84\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.2 Telecommunications Update Service\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql:12\",\"cpes\":[\"cpe:/a:redhat:rhel_tus:8.2::appstream\",\"cpe:/a:redhat:rhel_aus:8.2::appstream\",\"cpe:/a:redhat:rhel_e4s:8.2::appstream\"],\"versions\":[{\"version\":\"8020020231128165246.4cda2c84\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql:12\",\"cpes\":[\"cpe:/a:redhat:rhel_tus:8.2::appstream\",\"cpe:/a:redhat:rhel_aus:8.2::appstream\",\"cpe:/a:redhat:rhel_e4s:8.2::appstream\"],\"versions\":[{\"version\":\"8020020231128165246.4cda2c84\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql:12\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.4::appstream\",\"cpe:/a:redhat:rhel_e4s:8.4::appstream\",\"cpe:/a:redhat:rhel_tus:8.4::appstream\"],\"versions\":[{\"version\":\"8040020231127153301.522a0ee4\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql:13\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.4::appstream\",\"cpe:/a:redhat:rhel_e4s:8.4::appstream\",\"cpe:/a:redhat:rhel_tus:8.4::appstream\"],\"versions\":[{\"version\":\"8040020231127154806.522a0ee4\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.4 Telecommunications Update Service\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql:12\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.4::appstream\",\"cpe:/a:redhat:rhel_e4s:8.4::appstream\",\"cpe:/a:redhat:rhel_tus:8.4::appstream\"],\"versions\":[{\"version\":\"8040020231127153301.522a0ee4\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.4 Telecommunications Update Service\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql:13\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.4::appstream\",\"cpe:/a:redhat:rhel_e4s:8.4::appstream\",\"cpe:/a:redhat:rhel_tus:8.4::appstream\"],\"versions\":[{\"version\":\"8040020231127154806.522a0ee4\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql:12\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.4::appstream\",\"cpe:/a:redhat:rhel_e4s:8.4::appstream\",\"cpe:/a:redhat:rhel_tus:8.4::appstream\"],\"versions\":[{\"version\":\"8040020231127153301.522a0ee4\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql:13\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.4::appstream\",\"cpe:/a:redhat:rhel_e4s:8.4::appstream\",\"cpe:/a:redhat:rhel_tus:8.4::appstream\"],\"versions\":[{\"version\":\"8040020231127154806.522a0ee4\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.6 Extended Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql:13\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:8.6::appstream\"],\"versions\":[{\"version\":\"8060020231114115246.ad008a3a\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.6 Extended Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql:12\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:8.6::appstream\"],\"versions\":[{\"version\":\"8060020231128165328.ad008a3a\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.8 Extended Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql:13\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:8.8::appstream\"],\"versions\":[{\"version\":\"8080020231114105206.63b34585\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.8 Extended Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql:12\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:8.8::appstream\"],\"versions\":[{\"version\":\"8080020231128165335.63b34585\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.8 Extended Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql:15\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:8.8::appstream\"],\"versions\":[{\"version\":\"8080020231113134015.63b34585\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\",\"cpe:/a:redhat:enterprise_linux:9::crb\"],\"versions\":[{\"version\":\"0:13.13-1.el9_3\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql:15\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"],\"versions\":[{\"version\":\"9030020231120082734.rhel9\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9.0 Extended Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.0::appstream\",\"cpe:/a:redhat:rhel_eus:9.0::crb\"],\"versions\":[{\"version\":\"0:13.13-1.el9_0\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9.2 Extended Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.2::crb\",\"cpe:/a:redhat:rhel_eus:9.2::appstream\"],\"versions\":[{\"version\":\"0:13.13-1.el9_2\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9.2 Extended Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql:15\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.2::appstream\"],\"versions\":[{\"version\":\"9020020231115020618.rhel9\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Software Collections for Red Hat Enterprise Linux 7\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rh-postgresql12-postgresql\",\"cpes\":[\"cpe:/a:redhat:rhel_software_collections:3::el7\"],\"versions\":[{\"version\":\"0:12.17-1.el7\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Software Collections for Red Hat Enterprise Linux 7\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rh-postgresql13-postgresql\",\"cpes\":[\"cpe:/a:redhat:rhel_software_collections:3::el7\"],\"versions\":[{\"version\":\"0:13.13-1.el7\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"RHACS-3.74-RHEL-8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"advanced-cluster-security/rhacs-central-db-rhel8\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:3.74::el8\"],\"versions\":[{\"version\":\"3.74.8-9\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"RHACS-3.74-RHEL-8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"advanced-cluster-security/rhacs-main-rhel8\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:3.74::el8\"],\"versions\":[{\"version\":\"3.74.8-9\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"RHACS-3.74-RHEL-8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"advanced-cluster-security/rhacs-operator-bundle\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:3.74::el8\"],\"versions\":[{\"version\":\"3.74.8-7\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"RHACS-3.74-RHEL-8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"advanced-cluster-security/rhacs-scanner-db-rhel8\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:3.74::el8\"],\"versions\":[{\"version\":\"3.74.8-9\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"RHACS-3.74-RHEL-8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"advanced-cluster-security/rhacs-scanner-db-slim-rhel8\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:3.74::el8\"],\"versions\":[{\"version\":\"3.74.8-9\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"RHACS-4.1-RHEL-8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"advanced-cluster-security/rhacs-central-db-rhel8\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.1::el8\"],\"versions\":[{\"version\":\"4.1.6-6\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"RHACS-4.1-RHEL-8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"advanced-cluster-security/rhacs-main-rhel8\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.1::el8\"],\"versions\":[{\"version\":\"4.1.6-6\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"RHACS-4.1-RHEL-8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"advanced-cluster-security/rhacs-operator-bundle\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.1::el8\"],\"versions\":[{\"version\":\"4.1.6-6\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"RHACS-4.1-RHEL-8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"advanced-cluster-security/rhacs-scanner-db-rhel8\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.1::el8\"],\"versions\":[{\"version\":\"4.1.6-6\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"RHACS-4.1-RHEL-8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"advanced-cluster-security/rhacs-scanner-db-slim-rhel8\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.1::el8\"],\"versions\":[{\"version\":\"4.1.6-6\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 6\",\"defaultStatus\":\"unknown\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 7\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql:10/postgresql\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql:16/postgresql\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"postgresql:16/postgresql\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Software Collections\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rh-postgresql10-postgresql\",\"cpes\":[\"cpe:/a:redhat:rhel_software_collections:3\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-08-15T14:58:12.146891Z\",\"id\":\"CVE-2023-5868\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-686\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndExcluding\":\"11.22\",\"matchCriteriaId\":\"1D407A29-CAB0-425B-87B6-F2487FAE6B71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0\",\"versionEndExcluding\":\"12.17\",\"matchCriteriaId\":\"13B24306-F52A-47E4-A7E4-EA7E46F850EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.13\",\"matchCriteriaId\":\"AA77ED73-60C6-4666-9355-7C28CD774001\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndExcluding\":\"14.10\",\"matchCriteriaId\":\"7F2D30CB-C04F-4B6A-8E82-7DDC98B10D21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0\",\"versionEndExcluding\":\"15.5\",\"matchCriteriaId\":\"E8883865-D864-497D-B39C-90D3ACC6A932\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"654E69F1-844B-4E32-9C3D-FA8032FB3A61\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"936B046D-ADEB-4701-8957-AC28CFA9C5C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56CE19E2-F92D-4C36-9319-E6CD4766D0D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"056DABF5-0C1D-4EBA-B02B-443BACB20D6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02F08DBD-4BD0-408D-B817-04B2EB82137E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDE46FD5-B415-49B7-BF2D-E76D068C3920\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09AAD850-019A-46B8-A5A1-845DE048D30A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4E39B04-D3E5-4106-8A8F-0C496FF9997F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86034E5B-BCDD-4AFD-A460-38E790F608F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6967B4-C62B-4252-B5C3-50532B9EA3FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2ED1251-245C-4390-8964-DDCAD54A8957\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D7EE4B6-A6EC-4B9B-91DF-79615796673F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C3741B8-851F-475D-B428-523F4F722350\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62C31522-0A17-4025-B269-855C7F4B45C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DDA3E5A-8754-4C48-9A27-E2415F8A6000\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C74F6FA-FA6C-4648-9079-91446E45EE47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F797F2E-00E6-4D03-A94E-524227529A0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7F8A347-0ACE-40E4-BF7B-656D66DDB425\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32AF225E-94C0-4D07-900C-DD868C05F554\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B758EDC9-6421-422C-899E-A273D2936D8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22C65F53-D624-48A9-A9B7-4C78A31E19F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CC06C2A-64A5-4302-B754-A4DC0E12FE7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26041661-0280-4544-AA0A-BC28FCED4699\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23D471AC-7DCA-4425-AD91-E5D928753A8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9C30C59-07F7-4CCE-B057-052ECCD36DB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F91F9255-4EE1-43C7-8831-D2B6C228BFD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62D3FD78-5B63-4A1B-B4EE-9B098844691E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99952557-C766-4B9E-8BF5-DBBA194349FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6897676D-53F9-45B3-B27F-7FF9A4C58D33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E28F226A-CBC7-4A32-BE58-398FA5B42481\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76C24D94-834A-4E9D-8F73-624AFA99AAA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F32CA554-F9D7-425B-8F1C-89678507F28C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B09ACF2D-D83F-4A86-8185-9569605D8EE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC10D919-57FD-4725-B8D2-39ECB476902F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1272DF03-7674-4BD4-8E64-94004B195448\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7545\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7579\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7580\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7581\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7616\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7656\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7666\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7667\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7694\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7695\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7714\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7770\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7772\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7784\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7785\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7883\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7884\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7885\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0304\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0332\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0337\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-5868\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2247168\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.postgresql.org/support/security/CVE-2023-5868/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7545\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7579\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7580\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7581\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7616\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7656\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7666\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7667\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7694\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7695\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7714\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7770\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7772\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7784\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7785\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7883\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7884\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7885\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0304\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0332\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0337\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-5868\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2247168\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240119-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.postgresql.org/support/security/CVE-2023-5868/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2023:7545\", \"name\": \"RHSA-2023:7545\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7579\", \"name\": \"RHSA-2023:7579\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7580\", \"name\": \"RHSA-2023:7580\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7581\", \"name\": \"RHSA-2023:7581\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7616\", \"name\": \"RHSA-2023:7616\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7656\", \"name\": \"RHSA-2023:7656\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7666\", \"name\": \"RHSA-2023:7666\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7667\", \"name\": \"RHSA-2023:7667\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7694\", \"name\": \"RHSA-2023:7694\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7695\", \"name\": \"RHSA-2023:7695\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7714\", \"name\": \"RHSA-2023:7714\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7770\", \"name\": \"RHSA-2023:7770\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7772\", \"name\": \"RHSA-2023:7772\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7784\", \"name\": \"RHSA-2023:7784\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7785\", \"name\": \"RHSA-2023:7785\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7883\", \"name\": \"RHSA-2023:7883\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7884\", \"name\": \"RHSA-2023:7884\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7885\", \"name\": \"RHSA-2023:7885\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0304\", \"name\": \"RHSA-2024:0304\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0332\", \"name\": \"RHSA-2024:0332\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0337\", \"name\": \"RHSA-2024:0337\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2023-5868\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2247168\", \"name\": \"RHBZ#2247168\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240119-0003/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.postgresql.org/support/security/CVE-2023-5868/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T19:25:50.319Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-5868\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-15T14:58:12.146891Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-23T17:08:56.637Z\"}}], \"cna\": {\"title\": \"Postgresql: memory disclosure in aggregate function calls\", \"credits\": [{\"lang\": \"en\", \"value\": \"Upstream acknowledges Jingzhou Fu as the original reporter.\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.2::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security 4.2\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"4.2.4-6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"advanced-cluster-security/rhacs-central-db-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.2::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security 4.2\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"4.2.4-6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"advanced-cluster-security/rhacs-main-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.2::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security 4.2\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"4.2.4-7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"advanced-cluster-security/rhacs-operator-bundle\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.2::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security 4.2\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"4.2.4-6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"advanced-cluster-security/rhacs-scanner-db-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.2::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security 4.2\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"4.2.4-7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"advanced-cluster-security/rhacs-scanner-db-slim-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8090020231114113712.a75119d5\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"postgresql:13\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8090020231128173330.a75119d5\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"postgresql:12\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8090020231114113548.a75119d5\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"postgresql:15\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_tus:8.2::appstream\", \"cpe:/a:redhat:rhel_aus:8.2::appstream\", \"cpe:/a:redhat:rhel_e4s:8.2::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.2 Advanced Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8020020231128165246.4cda2c84\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"postgresql:12\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_tus:8.2::appstream\", \"cpe:/a:redhat:rhel_aus:8.2::appstream\", \"cpe:/a:redhat:rhel_e4s:8.2::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.2 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8020020231128165246.4cda2c84\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"postgresql:12\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_tus:8.2::appstream\", \"cpe:/a:redhat:rhel_aus:8.2::appstream\", \"cpe:/a:redhat:rhel_e4s:8.2::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8020020231128165246.4cda2c84\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"postgresql:12\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.4::appstream\", \"cpe:/a:redhat:rhel_e4s:8.4::appstream\", \"cpe:/a:redhat:rhel_tus:8.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8040020231127153301.522a0ee4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"postgresql:12\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.4::appstream\", \"cpe:/a:redhat:rhel_e4s:8.4::appstream\", \"cpe:/a:redhat:rhel_tus:8.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8040020231127154806.522a0ee4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"postgresql:13\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.4::appstream\", \"cpe:/a:redhat:rhel_e4s:8.4::appstream\", \"cpe:/a:redhat:rhel_tus:8.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8040020231127153301.522a0ee4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"postgresql:12\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.4::appstream\", \"cpe:/a:redhat:rhel_e4s:8.4::appstream\", \"cpe:/a:redhat:rhel_tus:8.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8040020231127154806.522a0ee4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"postgresql:13\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.4::appstream\", \"cpe:/a:redhat:rhel_e4s:8.4::appstream\", \"cpe:/a:redhat:rhel_tus:8.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8040020231127153301.522a0ee4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"postgresql:12\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.4::appstream\", \"cpe:/a:redhat:rhel_e4s:8.4::appstream\", \"cpe:/a:redhat:rhel_tus:8.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8040020231127154806.522a0ee4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"postgresql:13\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8060020231114115246.ad008a3a\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"postgresql:13\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8060020231128165328.ad008a3a\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"postgresql:12\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:8.8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8080020231114105206.63b34585\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"postgresql:13\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:8.8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8080020231128165335.63b34585\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"postgresql:12\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:8.8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8080020231113134015.63b34585\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"postgresql:15\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/a:redhat:enterprise_linux:9::crb\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:13.13-1.el9_3\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"postgresql\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"9030020231120082734.rhel9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"postgresql:15\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.0::appstream\", \"cpe:/a:redhat:rhel_eus:9.0::crb\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.0 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:13.13-1.el9_0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"postgresql\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.2::crb\", \"cpe:/a:redhat:rhel_eus:9.2::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.2 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:13.13-1.el9_2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"postgresql\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.2::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.2 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"9020020231115020618.rhel9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"postgresql:15\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_software_collections:3::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Software Collections for Red Hat Enterprise Linux 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:12.17-1.el7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rh-postgresql12-postgresql\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_software_collections:3::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Software Collections for Red Hat Enterprise Linux 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:13.13-1.el7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rh-postgresql13-postgresql\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:3.74::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHACS-3.74-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"3.74.8-9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"advanced-cluster-security/rhacs-central-db-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:3.74::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHACS-3.74-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"3.74.8-9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"advanced-cluster-security/rhacs-main-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:3.74::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHACS-3.74-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"3.74.8-7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"advanced-cluster-security/rhacs-operator-bundle\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:3.74::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHACS-3.74-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"3.74.8-9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"advanced-cluster-security/rhacs-scanner-db-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:3.74::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHACS-3.74-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"3.74.8-9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"advanced-cluster-security/rhacs-scanner-db-slim-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.1::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHACS-4.1-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"4.1.6-6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"advanced-cluster-security/rhacs-central-db-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.1::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHACS-4.1-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"4.1.6-6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"advanced-cluster-security/rhacs-main-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.1::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHACS-4.1-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"4.1.6-6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"advanced-cluster-security/rhacs-operator-bundle\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.1::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHACS-4.1-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"4.1.6-6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"advanced-cluster-security/rhacs-scanner-db-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.1::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHACS-4.1-RHEL-8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"4.1.6-6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"advanced-cluster-security/rhacs-scanner-db-slim-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"packageName\": \"postgresql\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"packageName\": \"postgresql\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"packageName\": \"postgresql:10/postgresql\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"packageName\": \"postgresql:16/postgresql\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"packageName\": \"postgresql:16/postgresql\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_software_collections:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Software Collections\", \"packageName\": \"rh-postgresql10-postgresql\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-10-31T00:00:00.000Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2023-11-09T00:00:00.000Z\", \"value\": \"Made public.\"}], \"datePublic\": \"2023-11-09T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2023:7545\", \"name\": \"RHSA-2023:7545\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7579\", \"name\": \"RHSA-2023:7579\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7580\", \"name\": \"RHSA-2023:7580\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7581\", \"name\": \"RHSA-2023:7581\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7616\", \"name\": \"RHSA-2023:7616\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7656\", \"name\": \"RHSA-2023:7656\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7666\", \"name\": \"RHSA-2023:7666\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7667\", \"name\": \"RHSA-2023:7667\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7694\", \"name\": \"RHSA-2023:7694\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7695\", \"name\": \"RHSA-2023:7695\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7714\", \"name\": \"RHSA-2023:7714\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7770\", \"name\": \"RHSA-2023:7770\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7772\", \"name\": \"RHSA-2023:7772\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7784\", \"name\": \"RHSA-2023:7784\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7785\", \"name\": \"RHSA-2023:7785\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7883\", \"name\": \"RHSA-2023:7883\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7884\", \"name\": \"RHSA-2023:7884\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7885\", \"name\": \"RHSA-2023:7885\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0304\", \"name\": \"RHSA-2024:0304\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0332\", \"name\": \"RHSA-2024:0332\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0337\", \"name\": \"RHSA-2024:0337\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2023-5868\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2247168\", \"name\": \"RHBZ#2247168\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/\"}, {\"url\": \"https://www.postgresql.org/support/security/CVE-2023-5868/\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\"}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with \u0027unknown\u0027-type arguments. Handling \u0027unknown\u0027-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-686\", \"description\": \"Function Call With Incorrect Argument Type\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2026-03-12T05:21:09.981Z\"}, \"x_redhatCweChain\": \"CWE-686: Function Call With Incorrect Argument Type\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-5868\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-23T17:19:12.647Z\", \"dateReserved\": \"2023-10-31T03:56:17.314Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2023-12-10T17:56:57.176Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2025-AVI-0760
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | User Entity Behavior Analytics pour IBM QRadar SIEM versions antérieures à 5.0.1 | ||
| IBM | Db2 | Db2 on Cloud Pak for Data versions antérieures à v5.2.1 | ||
| IBM | Db2 | Db2 Warehouse on Cloud Pak for Data versions antérieures à v5.2.1 | ||
| IBM | WebSphere | WebSphere Application Server and WebSphere Application Server Liberty, avec les fonctionnalités jsonp sans le dernier correctif de sécurité | ||
| IBM | WebSphere | IBM Common Licensing pour Websphere Liberty ART versions 9.0.x antérieures à 9.0.0.2 | ||
| IBM | WebSphere | IBM Common Licensing pour Websphere Liberty Agent versions 9.0.x antérieures à 9.0.0.2 | ||
| IBM | WebSphere | WebSphere Hybrid Edition version 5.1 sans les correctifs de sécurité APAR PH67137, APAR PH67132, | ||
| IBM | WebSphere | Cloud Pak for Applications versions 5.1 à 5.3 pour WebSphere Application Server Liberty sans les correctifs de sécurité APAR PH67132 et APAR PH67137 | ||
| IBM | WebSphere | IBM Enterprise Application Runtimes pour WebSphere Application Server version 1.0 sans les correctif de sécurité APAR PH67137 et APAR PH67132 | ||
| IBM | WebSphere | Engineering Test Management versions 7.0.2 et 7.0.3 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de sécurité | ||
| IBM | WebSphere | Engineering Test Management versions 7.1 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de sécurité | ||
| IBM | WebSphere | Engineering Lifecycle Management 7.0.2 et 7.0.3 pour WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.0.8 sans le dernier correctif de sécurité | ||
| IBM | WebSphere | Engineering Lifecycle Management 7.1 pour WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.0.8 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "User Entity Behavior Analytics pour IBM QRadar SIEM versions ant\u00e9rieures \u00e0 5.0.1",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.2.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.2.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server and WebSphere Application Server Liberty, avec les fonctionnalit\u00e9s jsonp sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Common Licensing pour Websphere Liberty ART versions 9.0.x ant\u00e9rieures \u00e0 9.0.0.2",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Common Licensing pour Websphere Liberty Agent versions 9.0.x ant\u00e9rieures \u00e0 9.0.0.2",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Hybrid Edition version 5.1 sans les correctifs de s\u00e9curit\u00e9 APAR PH67137, APAR PH67132,",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Applications versions 5.1 \u00e0 5.3 pour WebSphere Application Server Liberty sans les correctifs de s\u00e9curit\u00e9 APAR PH67132 et APAR PH67137",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Enterprise Application Runtimes pour WebSphere Application Server version 1.0 sans les correctif de s\u00e9curit\u00e9 APAR PH67137 et APAR PH67132",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Test Management versions 7.0.2 et 7.0.3 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Test Management versions 7.1 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Lifecycle Management 7.0.2 et 7.0.3 pour WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 25.0.0.8 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Lifecycle Management 7.1 pour WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 25.0.0.8 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2025-0755",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0755"
},
{
"name": "CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2024-51473",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51473"
},
{
"name": "CVE-2015-5237",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5237"
},
{
"name": "CVE-2025-3445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3445"
},
{
"name": "CVE-2025-32386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
},
{
"name": "CVE-2025-46762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
},
{
"name": "CVE-2025-32421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32421"
},
{
"name": "CVE-2016-4055",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4055"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-49766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
},
{
"name": "CVE-2024-45492",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2025-30472",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30472"
},
{
"name": "CVE-2025-24528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
},
{
"name": "CVE-2024-45813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45813"
},
{
"name": "CVE-2022-36364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36364"
},
{
"name": "CVE-2023-5868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5868"
},
{
"name": "CVE-2025-48050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48050"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-33092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33092"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2025-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
},
{
"name": "CVE-2023-39417",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39417"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2024-0406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0406"
},
{
"name": "CVE-2024-11831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-33143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33143"
},
{
"name": "CVE-2021-3393",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3393"
},
{
"name": "CVE-2025-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2533"
},
{
"name": "CVE-2019-10202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
},
{
"name": "CVE-2023-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2025-36097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
},
{
"name": "CVE-2024-45490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
},
{
"name": "CVE-2025-36010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36010"
},
{
"name": "CVE-2025-36047",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36047"
},
{
"name": "CVE-2024-45491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2022-49846",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49846"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2023-5869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5869"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2024-48949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48949"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2025-33114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33114"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2022-41862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41862"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2025-21966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21966"
},
{
"name": "CVE-2023-22467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22467"
},
{
"name": "CVE-2022-24823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2019-9193",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9193"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-56332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56332"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2025-37799",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37799"
},
{
"name": "CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2023-26133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26133"
},
{
"name": "CVE-2024-6484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6484"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2023-2454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2454"
},
{
"name": "CVE-2024-9823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9823"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2024-56339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56339"
},
{
"name": "CVE-2024-49767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
},
{
"name": "CVE-2022-1552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1552"
},
{
"name": "CVE-2024-49828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49828"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2025-32387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2017-18214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
},
{
"name": "CVE-2025-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
},
{
"name": "CVE-2025-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
},
{
"name": "CVE-2025-36071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36071"
},
{
"name": "CVE-2025-37749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37749"
},
{
"name": "CVE-2024-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0985"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2024-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
},
{
"name": "CVE-2023-52933",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52933"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2022-2625",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2625"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2024-6762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6762"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2024-52894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52894"
},
{
"name": "CVE-2025-21759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21759"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2025-21887",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21887"
},
{
"name": "CVE-2025-6442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6442"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2024-51504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2025-21756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21756"
},
{
"name": "CVE-2018-1000873",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000873"
},
{
"name": "CVE-2023-32305",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32305"
},
{
"name": "CVE-2025-47287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47287"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0760",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243927",
"url": "https://www.ibm.com/support/pages/node/7243927"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243923",
"url": "https://www.ibm.com/support/pages/node/7243923"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243924",
"url": "https://www.ibm.com/support/pages/node/7243924"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7244012",
"url": "https://www.ibm.com/support/pages/node/7244012"
},
{
"published_at": "2025-09-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243659",
"url": "https://www.ibm.com/support/pages/node/7243659"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7244002",
"url": "https://www.ibm.com/support/pages/node/7244002"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243582",
"url": "https://www.ibm.com/support/pages/node/7243582"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243928",
"url": "https://www.ibm.com/support/pages/node/7243928"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243925",
"url": "https://www.ibm.com/support/pages/node/7243925"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7244010",
"url": "https://www.ibm.com/support/pages/node/7244010"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243922",
"url": "https://www.ibm.com/support/pages/node/7243922"
},
{
"published_at": "2025-09-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243673",
"url": "https://www.ibm.com/support/pages/node/7243673"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243877",
"url": "https://www.ibm.com/support/pages/node/7243877"
}
]
}
FKIE_CVE-2023-5868
Vulnerability from fkie_nvd - Published: 2023-12-10 18:15 - Updated: 2026-06-17 06:49
Severity
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
References
Impacted products
{
"affected": [
{
"affectedData": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.2::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
"product": "Red Hat Advanced Cluster Security 4.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.2.4-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.2::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-main-rhel8",
"product": "Red Hat Advanced Cluster Security 4.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.2.4-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.2::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-operator-bundle",
"product": "Red Hat Advanced Cluster Security 4.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.2.4-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.2::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
"product": "Red Hat Advanced Cluster Security 4.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.2.4-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.2::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
"product": "Red Hat Advanced Cluster Security 4.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.2.4-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:13",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8090020231114113712.a75119d5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8090020231128173330.a75119d5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:15",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8090020231114113548.a75119d5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream",
"cpe:/a:redhat:rhel_e4s:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020231128165246.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream",
"cpe:/a:redhat:rhel_e4s:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020231128165246.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream",
"cpe:/a:redhat:rhel_e4s:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020231128165246.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127153301.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:13",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127154806.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127153301.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:13",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127154806.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127153301.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:13",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127154806.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:13",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8060020231114115246.ad008a3a",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8060020231128165328.ad008a3a",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:13",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8080020231114105206.63b34585",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8080020231128165335.63b34585",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:15",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8080020231113134015.63b34585",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "postgresql",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:13.13-1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:15",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "9030020231120082734.rhel9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::appstream",
"cpe:/a:redhat:rhel_eus:9.0::crb"
],
"defaultStatus": "affected",
"packageName": "postgresql",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:13.13-1.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::crb",
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:13.13-1.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:15",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "9020020231115020618.rhel9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_software_collections:3::el7"
],
"defaultStatus": "affected",
"packageName": "rh-postgresql12-postgresql",
"product": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:12.17-1.el7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_software_collections:3::el7"
],
"defaultStatus": "affected",
"packageName": "rh-postgresql13-postgresql",
"product": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:13.13-1.el7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3.74::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
"product": "RHACS-3.74-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.74.8-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3.74::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-main-rhel8",
"product": "RHACS-3.74-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.74.8-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3.74::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-operator-bundle",
"product": "RHACS-3.74-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.74.8-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3.74::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
"product": "RHACS-3.74-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.74.8-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3.74::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
"product": "RHACS-3.74-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.74.8-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.1::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
"product": "RHACS-4.1-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.1.6-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.1::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-main-rhel8",
"product": "RHACS-4.1-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.1.6-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.1::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-operator-bundle",
"product": "RHACS-4.1-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.1.6-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.1::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
"product": "RHACS-4.1-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.1.6-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.1::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
"product": "RHACS-4.1-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.1.6-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "postgresql",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "postgresql",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "postgresql:10/postgresql",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "postgresql:16/postgresql",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "postgresql:16/postgresql",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_software_collections:3"
],
"defaultStatus": "affected",
"packageName": "rh-postgresql10-postgresql",
"product": "Red Hat Software Collections",
"vendor": "Red Hat"
}
],
"source": "secalert@redhat.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D407A29-CAB0-425B-87B6-F2487FAE6B71",
"versionEndExcluding": "11.22",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13B24306-F52A-47E4-A7E4-EA7E46F850EF",
"versionEndExcluding": "12.17",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA77ED73-60C6-4666-9355-7C28CD774001",
"versionEndExcluding": "13.13",
"versionStartIncluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F2D30CB-C04F-4B6A-8E82-7DDC98B10D21",
"versionEndExcluding": "14.10",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8883865-D864-497D-B39C-90D3ACC6A932",
"versionEndExcluding": "15.5",
"versionStartIncluding": "15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "654E69F1-844B-4E32-9C3D-FA8032FB3A61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "936B046D-ADEB-4701-8957-AC28CFA9C5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "56CE19E2-F92D-4C36-9319-E6CD4766D0D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "056DABF5-0C1D-4EBA-B02B-443BACB20D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "02F08DBD-4BD0-408D-B817-04B2EB82137E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "CDE46FD5-B415-49B7-BF2D-E76D068C3920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "09AAD850-019A-46B8-A5A1-845DE048D30A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E39B04-D3E5-4106-8A8F-0C496FF9997F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "86034E5B-BCDD-4AFD-A460-38E790F608F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6967B4-C62B-4252-B5C3-50532B9EA3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "C2ED1251-245C-4390-8964-DDCAD54A8957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4DDA3E5A-8754-4C48-9A27-E2415F8A6000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F797F2E-00E6-4D03-A94E-524227529A0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F8A347-0ACE-40E4-BF7B-656D66DDB425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "B758EDC9-6421-422C-899E-A273D2936D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "22C65F53-D624-48A9-A9B7-4C78A31E19F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC06C2A-64A5-4302-B754-A4DC0E12FE7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "26041661-0280-4544-AA0A-BC28FCED4699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C30C59-07F7-4CCE-B057-052ECCD36DB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "F91F9255-4EE1-43C7-8831-D2B6C228BFD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "62D3FD78-5B63-4A1B-B4EE-9B098844691E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with \u0027unknown\u0027-type arguments. Handling \u0027unknown\u0027-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de divulgaci\u00f3n de memoria en PostgreSQL que permite a usuarios remotos acceder a informaci\u00f3n confidencial explotando ciertas llamadas a funciones agregadas con argumentos de tipo \"desconocido\". El manejo de valores de tipo \"desconocido\" de cadenas literales sin designaci\u00f3n de tipo puede revelar bytes, lo que potencialmente revela informaci\u00f3n importante y confidencial. Este problema existe debido a una salida excesiva de datos en llamadas a funciones agregadas, lo que permite a los usuarios remotos leer una parte de la memoria del sistema."
}
],
"id": "CVE-2023-5868",
"lastModified": "2026-06-17T06:49:32.610",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-10T18:15:07.163",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7545"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7579"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7580"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7581"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7616"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7656"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7666"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7667"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7694"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7695"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7714"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7770"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7772"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2023:7784"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2023:7785"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2023:7883"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2023:7884"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2023:7885"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0304"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0332"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0337"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5868"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247168"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
],
"url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.postgresql.org/support/security/CVE-2023-5868/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2023:7784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2023:7785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2023:7883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2023:7884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2023:7885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2024:0304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2024:0332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2024:0337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240119-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.postgresql.org/support/security/CVE-2023-5868/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-686"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-3F9W-7983-QCMQ
Vulnerability from github – Published: 2023-12-10 18:30 – Updated: 2025-11-04 21:30
VLAI
Details
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
Severity
4.3 (Medium)
{
"affected": [],
"aliases": [
"CVE-2023-5868"
],
"database_specific": {
"cwe_ids": [
"CWE-686"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-10T18:15:07Z",
"severity": "MODERATE"
},
"details": "A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with \u0027unknown\u0027-type arguments. Handling \u0027unknown\u0027-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.",
"id": "GHSA-3f9w-7983-qcmq",
"modified": "2025-11-04T21:30:50Z",
"published": "2023-12-10T18:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5868"
},
{
"type": "WEB",
"url": "https://www.postgresql.org/support/security/CVE-2023-5868"
},
{
"type": "WEB",
"url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240119-0003"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247168"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-5868"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0337"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0332"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0304"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7885"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7884"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7883"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7785"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7784"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7772"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7770"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7714"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7695"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7694"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7667"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7666"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7656"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7616"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7581"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7580"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7579"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7545"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2023-5868
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-5868",
"id": "GSD-2023-5868"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-5868"
],
"details": "A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with \u0027unknown\u0027-type arguments. Handling \u0027unknown\u0027-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.",
"id": "GSD-2023-5868",
"modified": "2023-12-13T01:20:50.863802Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2023-5868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Red Hat Advanced Cluster Security 4.2",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.2.4-6",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.2.4-6",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.2.4-7",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.2.4-6",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.2.4-7",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8090020231114113712.a75119d5",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8090020231128173330.a75119d5",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8090020231114113548.a75119d5",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020231128165246.4cda2c84",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020231128165246.4cda2c84",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020231128165246.4cda2c84",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127153301.522a0ee4",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127154806.522a0ee4",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127153301.522a0ee4",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127154806.522a0ee4",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127153301.522a0ee4",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127154806.522a0ee4",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8060020231114115246.ad008a3a",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8060020231128165328.ad008a3a",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8080020231114105206.63b34585",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8080020231128165335.63b34585",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8080020231113134015.63b34585",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:13.13-1.el9_3",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "9030020231120082734.rhel9",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:13.13-1.el9_0",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:13.13-1.el9_2",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "9020020231115020618.rhel9",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:12.17-1.el7",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:13.13-1.el7",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "RHACS-3.74-RHEL-8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.74.8-9",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.74.8-9",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.74.8-7",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.74.8-9",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.74.8-9",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "RHACS-4.1-RHEL-8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.1.6-6",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.1.6-6",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.1.6-6",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.1.6-6",
"versionType": "rpm"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.1.6-6",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Software Collections",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges Jingzhou Fu as the original reporter."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with \u0027unknown\u0027-type arguments. Handling \u0027unknown\u0027-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-686",
"lang": "eng",
"value": "Function Call With Incorrect Argument Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://access.redhat.com/errata/RHSA-2023:7545",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2023:7545"
},
{
"name": "https://access.redhat.com/errata/RHSA-2023:7579",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2023:7579"
},
{
"name": "https://access.redhat.com/errata/RHSA-2023:7580",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2023:7580"
},
{
"name": "https://access.redhat.com/errata/RHSA-2023:7581",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2023:7581"
},
{
"name": "https://access.redhat.com/errata/RHSA-2023:7616",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2023:7616"
},
{
"name": "https://access.redhat.com/errata/RHSA-2023:7656",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2023:7656"
},
{
"name": "https://access.redhat.com/errata/RHSA-2023:7666",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2023:7666"
},
{
"name": "https://access.redhat.com/errata/RHSA-2023:7667",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2023:7667"
},
{
"name": "https://access.redhat.com/errata/RHSA-2023:7694",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2023:7694"
},
{
"name": "https://access.redhat.com/errata/RHSA-2023:7695",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2023:7695"
},
{
"name": "https://access.redhat.com/errata/RHSA-2023:7714",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2023:7714"
},
{
"name": "https://access.redhat.com/errata/RHSA-2023:7770",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2023:7770"
},
{
"name": "https://access.redhat.com/errata/RHSA-2023:7772",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2023:7772"
},
{
"name": "https://access.redhat.com/errata/RHSA-2023:7784",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2023:7784"
},
{
"name": "https://access.redhat.com/errata/RHSA-2023:7785",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2023:7785"
},
{
"name": "https://access.redhat.com/errata/RHSA-2023:7883",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2023:7883"
},
{
"name": "https://access.redhat.com/errata/RHSA-2023:7884",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2023:7884"
},
{
"name": "https://access.redhat.com/errata/RHSA-2023:7885",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2023:7885"
},
{
"name": "https://access.redhat.com/errata/RHSA-2024:0304",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2024:0304"
},
{
"name": "https://access.redhat.com/errata/RHSA-2024:0332",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2024:0332"
},
{
"name": "https://access.redhat.com/errata/RHSA-2024:0337",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2024:0337"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2023-5868",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2023-5868"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2247168",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247168"
},
{
"name": "https://security.netapp.com/advisory/ntap-20240119-0003/",
"refsource": "MISC",
"url": "https://security.netapp.com/advisory/ntap-20240119-0003/"
},
{
"name": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/",
"refsource": "MISC",
"url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/"
},
{
"name": "https://www.postgresql.org/support/security/CVE-2023-5868/",
"refsource": "MISC",
"url": "https://www.postgresql.org/support/security/CVE-2023-5868/"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D407A29-CAB0-425B-87B6-F2487FAE6B71",
"versionEndExcluding": "11.22",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13B24306-F52A-47E4-A7E4-EA7E46F850EF",
"versionEndExcluding": "12.17",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA77ED73-60C6-4666-9355-7C28CD774001",
"versionEndExcluding": "13.13",
"versionStartIncluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F2D30CB-C04F-4B6A-8E82-7DDC98B10D21",
"versionEndExcluding": "14.10",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8883865-D864-497D-B39C-90D3ACC6A932",
"versionEndExcluding": "15.5",
"versionStartIncluding": "15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "654E69F1-844B-4E32-9C3D-FA8032FB3A61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "936B046D-ADEB-4701-8957-AC28CFA9C5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "56CE19E2-F92D-4C36-9319-E6CD4766D0D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "056DABF5-0C1D-4EBA-B02B-443BACB20D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "02F08DBD-4BD0-408D-B817-04B2EB82137E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "CDE46FD5-B415-49B7-BF2D-E76D068C3920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "09AAD850-019A-46B8-A5A1-845DE048D30A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E39B04-D3E5-4106-8A8F-0C496FF9997F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "86034E5B-BCDD-4AFD-A460-38E790F608F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6967B4-C62B-4252-B5C3-50532B9EA3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "C2ED1251-245C-4390-8964-DDCAD54A8957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4DDA3E5A-8754-4C48-9A27-E2415F8A6000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F797F2E-00E6-4D03-A94E-524227529A0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F8A347-0ACE-40E4-BF7B-656D66DDB425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "B758EDC9-6421-422C-899E-A273D2936D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "22C65F53-D624-48A9-A9B7-4C78A31E19F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC06C2A-64A5-4302-B754-A4DC0E12FE7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "26041661-0280-4544-AA0A-BC28FCED4699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C30C59-07F7-4CCE-B057-052ECCD36DB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "F91F9255-4EE1-43C7-8831-D2B6C228BFD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "62D3FD78-5B63-4A1B-B4EE-9B098844691E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with \u0027unknown\u0027-type arguments. Handling \u0027unknown\u0027-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de divulgaci\u00f3n de memoria en PostgreSQL que permite a usuarios remotos acceder a informaci\u00f3n confidencial explotando ciertas llamadas a funciones agregadas con argumentos de tipo \"desconocido\". El manejo de valores de tipo \"desconocido\" de cadenas literales sin designaci\u00f3n de tipo puede revelar bytes, lo que potencialmente revela informaci\u00f3n importante y confidencial. Este problema existe debido a una salida excesiva de datos en llamadas a funciones agregadas, lo que permite a los usuarios remotos leer una parte de la memoria del sistema."
}
],
"id": "CVE-2023-5868",
"lastModified": "2024-01-25T09:15:07.850",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
},
"published": "2023-12-10T18:15:07.163",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7545"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7579"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7580"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7581"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7616"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7656"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7666"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7667"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7694"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7695"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7714"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7770"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7772"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2023:7784"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2023:7785"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2023:7883"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2023:7884"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2023:7885"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0304"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0332"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0337"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5868"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247168"
},
{
"source": "secalert@redhat.com",
"url": "https://security.netapp.com/advisory/ntap-20240119-0003/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
],
"url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.postgresql.org/support/security/CVE-2023-5868/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-686"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
}
}
}
}
ICSA-24-228-06
Vulnerability from csaf_cisa - Published: 2024-08-13 00:00 - Updated: 2024-08-13 00:00Summary
Siemens SINEC NMS
Notes
Summary: SINEC NMS before V3.0 is affected by multiple vulnerabilities.
Siemens has released a new version for SINEC NMS and recommends to update to the latest version.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer: This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors: Multiple
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
References
10 references
Acknowledgments
Siemens ProductCERT
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "SINEC NMS before V3.0 is affected by multiple vulnerabilities.\n\nSiemens has released a new version for SINEC NMS and recommends to update to the latest version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-784301: Multiple Vulnerabilities in SINEC NMS Before V3.0 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-784301.json"
},
{
"category": "self",
"summary": "SSA-784301: Multiple Vulnerabilities in SINEC NMS Before V3.0 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-228-06 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-228-06.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-228-06 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-228-06"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SINEC NMS",
"tracking": {
"current_release_date": "2024-08-13T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1"
}
},
"id": "ICSA-24-228-06",
"initial_release_date": "2024-08-13T00:00:00.000000Z",
"revision_history": [
{
"date": "2024-08-13T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0",
"product": {
"name": "SINEC NMS",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SINEC NMS"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4611",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-4611"
},
{
"cve": "CVE-2023-5868",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with \u0027unknown\u0027-type arguments. Handling \u0027unknown\u0027-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-5868"
},
{
"cve": "CVE-2023-5869",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server\u0027s memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-5869"
},
{
"cve": "CVE-2023-5870",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-5870"
},
{
"cve": "CVE-2023-6378",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-6378"
},
{
"cve": "CVE-2023-6481",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-6481"
},
{
"cve": "CVE-2023-31122",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-31122"
},
{
"cve": "CVE-2023-34050",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "summary",
"text": "In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes could be deserialized. Specifically, an application is vulnerable if \r\n\r\n * the SimpleMessageConverter or SerializerMessageConverter is used \r\n * the user does not configure allowed list patterns \r\n * untrusted message originators gain permissions to write messages to the RabbitMQ broker to send malicious content.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-34050"
},
{
"cve": "CVE-2023-39615",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor\u0027s position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-39615"
},
{
"cve": "CVE-2023-42794",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.\r\n\r\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \r\nin progress refactoring that exposed a potential denial of service on \r\nWindows if a web application opened a stream for an uploaded file but \r\nfailed to close the stream. The file would never be deleted from disk \r\ncreating the possibility of an eventual denial of service due to the \r\ndisk being full.\r\n\r\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-42794"
},
{
"cve": "CVE-2023-42795",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could \r\ncause Tomcat to skip some parts of the recycling process leading to \r\ninformation leaking from the current request/response to the next.\r\n\r\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-43622",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known \"slow loris\" attack pattern.\r\nThis has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout.\r\n\r\nThis issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.\r\n\r\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-43622"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45648",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat\u00a0from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially \r\ncrafted, invalid trailer header could cause Tomcat to treat a single \r\nrequest as multiple requests leading to the possibility of request \r\nsmuggling when behind a reverse proxy.\r\n\r\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-45648"
},
{
"cve": "CVE-2023-45802",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request\u0027s memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.\r\n\r\nThis was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During \"normal\" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.\r\n\r\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-45802"
},
{
"cve": "CVE-2023-46120",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-46120"
},
{
"cve": "CVE-2023-46280",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-46280"
},
{
"cve": "CVE-2023-46589",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2023-52425",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-52426",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-52426"
},
{
"cve": "CVE-2024-0985",
"cwe": {
"id": "CWE-271",
"name": "Privilege Dropping / Lowering Errors"
},
"notes": [
{
"category": "summary",
"text": "Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker\u0027s roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker\u0027s materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-0985"
},
{
"cve": "CVE-2024-25062",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-28182",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-28757",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-28757"
},
{
"cve": "CVE-2024-36398",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"notes": [
{
"category": "summary",
"text": "The affected application executes a subset of its services as `NT AUTHORITY\\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-36398"
},
{
"cve": "CVE-2024-41938",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-41938"
},
{
"cve": "CVE-2024-41939",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-41939"
},
{
"cve": "CVE-2024-41940",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-41940"
},
{
"cve": "CVE-2024-41941",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-41941"
}
]
}
MSRC_CVE-2023-5868
Vulnerability from csaf_microsoft - Published: 2023-12-01 08:00 - Updated: 2023-12-11 00:00Summary
Postgresql: memory disclosure in aggregate function calls
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2023/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2023/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5868 Postgresql: memory disclosure in aggregate function calls - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-5868.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Postgresql: memory disclosure in aggregate function calls",
"tracking": {
"current_release_date": "2023-12-11T00:00:00.000Z",
"generator": {
"date": "2025-10-20T00:49:37.100Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2023-5868",
"initial_release_date": "2023-12-01T08:00:00.000Z",
"revision_history": [
{
"date": "2023-12-11T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 postgresql 14.10-1",
"product": {
"name": "\u003ccbl2 postgresql 14.10-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 postgresql 14.10-1",
"product": {
"name": "cbl2 postgresql 14.10-1",
"product_id": "18239"
}
}
],
"category": "product_name",
"name": "postgresql"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 postgresql 14.10-1 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 postgresql 14.10-1 as a component of CBL Mariner 2.0",
"product_id": "18239-17086"
},
"product_reference": "18239",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5868",
"cwe": {
"id": "CWE-686",
"name": "Function Call With Incorrect Argument Type"
},
"notes": [
{
"category": "general",
"text": "redhat",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"18239-17086"
],
"known_affected": [
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5868 Postgresql: memory disclosure in aggregate function calls - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-5868.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-11T00:00:00.000Z",
"details": "14.10-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"17086-1"
]
}
],
"title": "Postgresql: memory disclosure in aggregate function calls"
}
]
}
NCSC-2024-0332
Vulnerability from csaf_ncscnl - Published: 2024-08-13 09:21 - Updated: 2024-08-13 09:21Summary
Kwetsbaarheden verholpen in Siemens producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Siemens heeft kwetsbaarheden verholpen in diverse producten als COMOS, INTRALOG, LOGO!, NX, SCALANCE, SINEC en Teamcenter.
Interpretaties: De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- Omzeilen van een beveiligingsmaatregel
- (Remote) code execution (Administrator/Root rechten)
- (Remote) code execution (Gebruikersrechten)
- Toegang tot systeemgegevens
- Spoofing
- Verhoogde gebruikersrechten
De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen: Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-125: Out-of-bounds Read
CWE-20: Improper Input Validation
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-250: Execution with Unnecessary Privileges
CWE-256: Plaintext Storage of a Password
CWE-269: Improper Privilege Management
CWE-284: Improper Access Control
CWE-307: Improper Restriction of Excessive Authentication Attempts
CWE-326: Inadequate Encryption Strength
CWE-358: Improperly Implemented Security Check for Standard
CWE-488: Exposure of Data Element to Wrong Session
CWE-521: Weak Password Requirements
CWE-524: Use of Cache Containing Sensitive Information
CWE-532: Insertion of Sensitive Information into Log File
CWE-863: Incorrect Authorization
CWE-416
- Use After Free
CWE-787
- Out-of-bounds Write
CWE-200
- Exposure of Sensitive Information to an Unauthorized Actor
CWE-190
- Integer Overflow or Wraparound
CWE-404
- Improper Resource Shutdown or Release
CWE-499
- Serializable Class Containing Sensitive Data
CWE-400
- Uncontrolled Resource Consumption
CWE-416
- Use After Free
CWE-125
- Out-of-bounds Read
CWE-502
- Deserialization of Untrusted Data
CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-459
- Incomplete Cleanup
CWE-459
- Incomplete Cleanup
CWE-400
- Uncontrolled Resource Consumption
CWE-400
- Uncontrolled Resource Consumption
CWE-400
- Uncontrolled Resource Consumption
CWE-20
- Improper Input Validation
CWE-400
- Uncontrolled Resource Consumption
CWE-400
- Uncontrolled Resource Consumption
CWE-125
- Out-of-bounds Read
CWE-444
- Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-400
- Uncontrolled Resource Consumption
CWE-776
- Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CWE-420
- Unprotected Alternate Channel
CWE-271
- Privilege Dropping / Lowering Errors
CWE-416
- Use After Free
CWE-400
- Uncontrolled Resource Consumption
CWE-611
- Improper Restriction of XML External Entity Reference
CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-125
- Out-of-bounds Read
CWE-125
- Out-of-bounds Read
CWE-476
- NULL Pointer Dereference
CWE-250
- Execution with Unnecessary Privileges
CWE-256
- Plaintext Storage of a Password
CWE-326
- Inadequate Encryption Strength
CWE-307
- Improper Restriction of Excessive Authentication Attempts
CWE-521
- Weak Password Requirements
CWE-269
- Improper Privilege Management
CWE-307
- Improper Restriction of Excessive Authentication Attempts
CWE-284
- Improper Access Control
CWE-524
- Use of Cache Containing Sensitive Information
CWE-358
- Improperly Implemented Security Check for Standard
CWE-125
- Out-of-bounds Read
CWE-22
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-863
- Incorrect Authorization
CWE-20
- Improper Input Validation
CWE-863
- Incorrect Authorization
CWE-20
- Improper Input Validation
CWE-488
- Exposure of Data Element to Wrong Session
CWE-532
- Insertion of Sensitive Information into Log File
References
59 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Siemens heeft kwetsbaarheden verholpen in diverse producten als COMOS, INTRALOG, LOGO!, NX, SCALANCE, SINEC en Teamcenter.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- (Remote) code execution (Administrator/Root rechten)\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot systeemgegevens\n- Spoofing\n- Verhoogde gebruikersrechten\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico\u0027s zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Execution with Unnecessary Privileges",
"title": "CWE-250"
},
{
"category": "general",
"text": "Plaintext Storage of a Password",
"title": "CWE-256"
},
{
"category": "general",
"text": "Improper Privilege Management",
"title": "CWE-269"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Restriction of Excessive Authentication Attempts",
"title": "CWE-307"
},
{
"category": "general",
"text": "Inadequate Encryption Strength",
"title": "CWE-326"
},
{
"category": "general",
"text": "Improperly Implemented Security Check for Standard",
"title": "CWE-358"
},
{
"category": "general",
"text": "Exposure of Data Element to Wrong Session",
"title": "CWE-488"
},
{
"category": "general",
"text": "Weak Password Requirements",
"title": "CWE-521"
},
{
"category": "general",
"text": "Use of Cache Containing Sensitive Information",
"title": "CWE-524"
},
{
"category": "general",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-087301.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-357412.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-417547.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-659443.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-716317.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-720392.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784301.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-856475.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-921449.pdf"
}
],
"title": "Kwetsbaarheden verholpen in Siemens producten",
"tracking": {
"current_release_date": "2024-08-13T09:21:28.381575Z",
"id": "NCSC-2024-0332",
"initial_release_date": "2024-08-13T09:21:28.381575Z",
"revision_history": [
{
"date": "2024-08-13T09:21:28.381575Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"vulnerabilities": [
{
"cve": "CVE-2023-4611",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-4611",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4611.json"
}
],
"title": "CVE-2023-4611"
},
{
"cve": "CVE-2023-5180",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-5180",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5180.json"
}
],
"title": "CVE-2023-5180"
},
{
"cve": "CVE-2023-5868",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Function Call With Incorrect Argument Type",
"title": "CWE-686"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-5868",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5868.json"
}
],
"title": "CVE-2023-5868"
},
{
"cve": "CVE-2023-5869",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-5869",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5869.json"
}
],
"title": "CVE-2023-5869"
},
{
"cve": "CVE-2023-5870",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-5870",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5870.json"
}
],
"title": "CVE-2023-5870"
},
{
"cve": "CVE-2023-6378",
"cwe": {
"id": "CWE-499",
"name": "Serializable Class Containing Sensitive Data"
},
"notes": [
{
"category": "other",
"text": "Serializable Class Containing Sensitive Data",
"title": "CWE-499"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-6378",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6378.json"
}
],
"title": "CVE-2023-6378"
},
{
"cve": "CVE-2023-6481",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-6481",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6481.json"
}
],
"title": "CVE-2023-6481"
},
{
"cve": "CVE-2023-26495",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-26495",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26495.json"
}
],
"title": "CVE-2023-26495"
},
{
"cve": "CVE-2023-31122",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-31122",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-31122.json"
}
],
"title": "CVE-2023-31122"
},
{
"cve": "CVE-2023-34050",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-34050",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-34050.json"
}
],
"title": "CVE-2023-34050"
},
{
"cve": "CVE-2023-39615",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-39615",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39615.json"
}
],
"title": "CVE-2023-39615"
},
{
"cve": "CVE-2023-42794",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "other",
"text": "Incomplete Cleanup",
"title": "CWE-459"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-42794",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42794.json"
}
],
"title": "CVE-2023-42794"
},
{
"cve": "CVE-2023-42795",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "other",
"text": "Incomplete Cleanup",
"title": "CWE-459"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-42795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42795.json"
}
],
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-43622",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-43622",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-43622.json"
}
],
"title": "CVE-2023-43622"
},
{
"cve": "CVE-2023-44321",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-44321",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44321.json"
}
],
"title": "CVE-2023-44321"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-44487",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json"
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45648",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-45648",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45648.json"
}
],
"title": "CVE-2023-45648"
},
{
"cve": "CVE-2023-45802",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-45802",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45802.json"
}
],
"title": "CVE-2023-45802"
},
{
"cve": "CVE-2023-46120",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-46120",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46120.json"
}
],
"title": "CVE-2023-46120"
},
{
"cve": "CVE-2023-46280",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-46280",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46280.json"
}
],
"title": "CVE-2023-46280"
},
{
"cve": "CVE-2023-46589",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-46589",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json"
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2023-52425",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-52425",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json"
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-52426",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"title": "CWE-776"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-52426",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52426.json"
}
],
"title": "CVE-2023-52426"
},
{
"cve": "CVE-2024-0056",
"cwe": {
"id": "CWE-420",
"name": "Unprotected Alternate Channel"
},
"notes": [
{
"category": "other",
"text": "Unprotected Alternate Channel",
"title": "CWE-420"
},
{
"category": "other",
"text": "Cleartext Transmission of Sensitive Information",
"title": "CWE-319"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-0056",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0056.json"
}
],
"title": "CVE-2024-0056"
},
{
"cve": "CVE-2024-0985",
"cwe": {
"id": "CWE-271",
"name": "Privilege Dropping / Lowering Errors"
},
"notes": [
{
"category": "other",
"text": "Privilege Dropping / Lowering Errors",
"title": "CWE-271"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-0985",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0985.json"
}
],
"title": "CVE-2024-0985"
},
{
"cve": "CVE-2024-25062",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-25062",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json"
}
],
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-28182",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-28182",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json"
}
],
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-28757",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"title": "CWE-776"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-28757",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28757.json"
}
],
"title": "CVE-2024-28757"
},
{
"cve": "CVE-2024-30045",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-30045",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30045.json"
}
],
"title": "CVE-2024-30045"
},
{
"cve": "CVE-2024-32635",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-32635",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32635.json"
}
],
"title": "CVE-2024-32635"
},
{
"cve": "CVE-2024-32636",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-32636",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32636.json"
}
],
"title": "CVE-2024-32636"
},
{
"cve": "CVE-2024-32637",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-32637",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32637.json"
}
],
"title": "CVE-2024-32637"
},
{
"cve": "CVE-2024-36398",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"notes": [
{
"category": "other",
"text": "Execution with Unnecessary Privileges",
"title": "CWE-250"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-36398",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36398.json"
}
],
"title": "CVE-2024-36398"
},
{
"cve": "CVE-2024-39922",
"cwe": {
"id": "CWE-256",
"name": "Plaintext Storage of a Password"
},
"notes": [
{
"category": "other",
"text": "Plaintext Storage of a Password",
"title": "CWE-256"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39922",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39922.json"
}
],
"title": "CVE-2024-39922"
},
{
"cve": "CVE-2024-41681",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "other",
"text": "Inadequate Encryption Strength",
"title": "CWE-326"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41681",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41681.json"
}
],
"title": "CVE-2024-41681"
},
{
"cve": "CVE-2024-41682",
"cwe": {
"id": "CWE-307",
"name": "Improper Restriction of Excessive Authentication Attempts"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Excessive Authentication Attempts",
"title": "CWE-307"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41682",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41682.json"
}
],
"title": "CVE-2024-41682"
},
{
"cve": "CVE-2024-41683",
"cwe": {
"id": "CWE-521",
"name": "Weak Password Requirements"
},
"notes": [
{
"category": "other",
"text": "Weak Password Requirements",
"title": "CWE-521"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41683",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41683.json"
}
],
"title": "CVE-2024-41683"
},
{
"cve": "CVE-2024-41903",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "other",
"text": "Improper Privilege Management",
"title": "CWE-269"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41903",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41903.json"
}
],
"title": "CVE-2024-41903"
},
{
"cve": "CVE-2024-41904",
"cwe": {
"id": "CWE-307",
"name": "Improper Restriction of Excessive Authentication Attempts"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Excessive Authentication Attempts",
"title": "CWE-307"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41904",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41904.json"
}
],
"title": "CVE-2024-41904"
},
{
"cve": "CVE-2024-41905",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41905",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41905.json"
}
],
"title": "CVE-2024-41905"
},
{
"cve": "CVE-2024-41906",
"cwe": {
"id": "CWE-524",
"name": "Use of Cache Containing Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Use of Cache Containing Sensitive Information",
"title": "CWE-524"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41906",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41906.json"
}
],
"title": "CVE-2024-41906"
},
{
"cve": "CVE-2024-41907",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"notes": [
{
"category": "other",
"text": "Improperly Implemented Security Check for Standard",
"title": "CWE-358"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41907",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41907.json"
}
],
"title": "CVE-2024-41907"
},
{
"cve": "CVE-2024-41908",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41908",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41908.json"
}
],
"title": "CVE-2024-41908"
},
{
"cve": "CVE-2024-41938",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41938",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41938.json"
}
],
"title": "CVE-2024-41938"
},
{
"cve": "CVE-2024-41939",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41939",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41939.json"
}
],
"title": "CVE-2024-41939"
},
{
"cve": "CVE-2024-41940",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41940",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41940.json"
}
],
"title": "CVE-2024-41940"
},
{
"cve": "CVE-2024-41941",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41941",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41941.json"
}
],
"title": "CVE-2024-41941"
},
{
"cve": "CVE-2024-41976",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41976",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41976.json"
}
],
"title": "CVE-2024-41976"
},
{
"cve": "CVE-2024-41977",
"cwe": {
"id": "CWE-488",
"name": "Exposure of Data Element to Wrong Session"
},
"notes": [
{
"category": "other",
"text": "Exposure of Data Element to Wrong Session",
"title": "CWE-488"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41977",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41977.json"
}
],
"title": "CVE-2024-41977"
},
{
"cve": "CVE-2024-41978",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41978",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41978.json"
}
],
"title": "CVE-2024-41978"
}
]
}
OPENSUSE-SU-2024:13408-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
postgresql11-11.22-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: postgresql11-11.22-1.1 on GA media
Description of the patch: These are all security issues fixed in the postgresql11-11.22-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13408
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-test-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-test-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-test-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-test-11.22-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-test-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-test-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-test-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-test-11.22-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.2 (Medium)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-test-11.22-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-test-11.22-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-test-11.22-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql11-test-11.22-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "postgresql11-11.22-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the postgresql11-11.22-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13408",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13408-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5868 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5869 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5870 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5870/"
}
],
"title": "postgresql11-11.22-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13408-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "postgresql11-11.22-1.1.aarch64",
"product": {
"name": "postgresql11-11.22-1.1.aarch64",
"product_id": "postgresql11-11.22-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql11-contrib-11.22-1.1.aarch64",
"product": {
"name": "postgresql11-contrib-11.22-1.1.aarch64",
"product_id": "postgresql11-contrib-11.22-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql11-devel-11.22-1.1.aarch64",
"product": {
"name": "postgresql11-devel-11.22-1.1.aarch64",
"product_id": "postgresql11-devel-11.22-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql11-docs-11.22-1.1.aarch64",
"product": {
"name": "postgresql11-docs-11.22-1.1.aarch64",
"product_id": "postgresql11-docs-11.22-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql11-llvmjit-11.22-1.1.aarch64",
"product": {
"name": "postgresql11-llvmjit-11.22-1.1.aarch64",
"product_id": "postgresql11-llvmjit-11.22-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql11-llvmjit-devel-11.22-1.1.aarch64",
"product": {
"name": "postgresql11-llvmjit-devel-11.22-1.1.aarch64",
"product_id": "postgresql11-llvmjit-devel-11.22-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql11-plperl-11.22-1.1.aarch64",
"product": {
"name": "postgresql11-plperl-11.22-1.1.aarch64",
"product_id": "postgresql11-plperl-11.22-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql11-plpython-11.22-1.1.aarch64",
"product": {
"name": "postgresql11-plpython-11.22-1.1.aarch64",
"product_id": "postgresql11-plpython-11.22-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql11-pltcl-11.22-1.1.aarch64",
"product": {
"name": "postgresql11-pltcl-11.22-1.1.aarch64",
"product_id": "postgresql11-pltcl-11.22-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql11-server-11.22-1.1.aarch64",
"product": {
"name": "postgresql11-server-11.22-1.1.aarch64",
"product_id": "postgresql11-server-11.22-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql11-server-devel-11.22-1.1.aarch64",
"product": {
"name": "postgresql11-server-devel-11.22-1.1.aarch64",
"product_id": "postgresql11-server-devel-11.22-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql11-test-11.22-1.1.aarch64",
"product": {
"name": "postgresql11-test-11.22-1.1.aarch64",
"product_id": "postgresql11-test-11.22-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "postgresql11-11.22-1.1.ppc64le",
"product": {
"name": "postgresql11-11.22-1.1.ppc64le",
"product_id": "postgresql11-11.22-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql11-contrib-11.22-1.1.ppc64le",
"product": {
"name": "postgresql11-contrib-11.22-1.1.ppc64le",
"product_id": "postgresql11-contrib-11.22-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql11-devel-11.22-1.1.ppc64le",
"product": {
"name": "postgresql11-devel-11.22-1.1.ppc64le",
"product_id": "postgresql11-devel-11.22-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql11-docs-11.22-1.1.ppc64le",
"product": {
"name": "postgresql11-docs-11.22-1.1.ppc64le",
"product_id": "postgresql11-docs-11.22-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql11-llvmjit-11.22-1.1.ppc64le",
"product": {
"name": "postgresql11-llvmjit-11.22-1.1.ppc64le",
"product_id": "postgresql11-llvmjit-11.22-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql11-llvmjit-devel-11.22-1.1.ppc64le",
"product": {
"name": "postgresql11-llvmjit-devel-11.22-1.1.ppc64le",
"product_id": "postgresql11-llvmjit-devel-11.22-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql11-plperl-11.22-1.1.ppc64le",
"product": {
"name": "postgresql11-plperl-11.22-1.1.ppc64le",
"product_id": "postgresql11-plperl-11.22-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql11-plpython-11.22-1.1.ppc64le",
"product": {
"name": "postgresql11-plpython-11.22-1.1.ppc64le",
"product_id": "postgresql11-plpython-11.22-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql11-pltcl-11.22-1.1.ppc64le",
"product": {
"name": "postgresql11-pltcl-11.22-1.1.ppc64le",
"product_id": "postgresql11-pltcl-11.22-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql11-server-11.22-1.1.ppc64le",
"product": {
"name": "postgresql11-server-11.22-1.1.ppc64le",
"product_id": "postgresql11-server-11.22-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql11-server-devel-11.22-1.1.ppc64le",
"product": {
"name": "postgresql11-server-devel-11.22-1.1.ppc64le",
"product_id": "postgresql11-server-devel-11.22-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql11-test-11.22-1.1.ppc64le",
"product": {
"name": "postgresql11-test-11.22-1.1.ppc64le",
"product_id": "postgresql11-test-11.22-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "postgresql11-11.22-1.1.s390x",
"product": {
"name": "postgresql11-11.22-1.1.s390x",
"product_id": "postgresql11-11.22-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql11-contrib-11.22-1.1.s390x",
"product": {
"name": "postgresql11-contrib-11.22-1.1.s390x",
"product_id": "postgresql11-contrib-11.22-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql11-devel-11.22-1.1.s390x",
"product": {
"name": "postgresql11-devel-11.22-1.1.s390x",
"product_id": "postgresql11-devel-11.22-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql11-docs-11.22-1.1.s390x",
"product": {
"name": "postgresql11-docs-11.22-1.1.s390x",
"product_id": "postgresql11-docs-11.22-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql11-llvmjit-11.22-1.1.s390x",
"product": {
"name": "postgresql11-llvmjit-11.22-1.1.s390x",
"product_id": "postgresql11-llvmjit-11.22-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql11-llvmjit-devel-11.22-1.1.s390x",
"product": {
"name": "postgresql11-llvmjit-devel-11.22-1.1.s390x",
"product_id": "postgresql11-llvmjit-devel-11.22-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql11-plperl-11.22-1.1.s390x",
"product": {
"name": "postgresql11-plperl-11.22-1.1.s390x",
"product_id": "postgresql11-plperl-11.22-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql11-plpython-11.22-1.1.s390x",
"product": {
"name": "postgresql11-plpython-11.22-1.1.s390x",
"product_id": "postgresql11-plpython-11.22-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql11-pltcl-11.22-1.1.s390x",
"product": {
"name": "postgresql11-pltcl-11.22-1.1.s390x",
"product_id": "postgresql11-pltcl-11.22-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql11-server-11.22-1.1.s390x",
"product": {
"name": "postgresql11-server-11.22-1.1.s390x",
"product_id": "postgresql11-server-11.22-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql11-server-devel-11.22-1.1.s390x",
"product": {
"name": "postgresql11-server-devel-11.22-1.1.s390x",
"product_id": "postgresql11-server-devel-11.22-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql11-test-11.22-1.1.s390x",
"product": {
"name": "postgresql11-test-11.22-1.1.s390x",
"product_id": "postgresql11-test-11.22-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "postgresql11-11.22-1.1.x86_64",
"product": {
"name": "postgresql11-11.22-1.1.x86_64",
"product_id": "postgresql11-11.22-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql11-contrib-11.22-1.1.x86_64",
"product": {
"name": "postgresql11-contrib-11.22-1.1.x86_64",
"product_id": "postgresql11-contrib-11.22-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql11-devel-11.22-1.1.x86_64",
"product": {
"name": "postgresql11-devel-11.22-1.1.x86_64",
"product_id": "postgresql11-devel-11.22-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql11-docs-11.22-1.1.x86_64",
"product": {
"name": "postgresql11-docs-11.22-1.1.x86_64",
"product_id": "postgresql11-docs-11.22-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql11-llvmjit-11.22-1.1.x86_64",
"product": {
"name": "postgresql11-llvmjit-11.22-1.1.x86_64",
"product_id": "postgresql11-llvmjit-11.22-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql11-llvmjit-devel-11.22-1.1.x86_64",
"product": {
"name": "postgresql11-llvmjit-devel-11.22-1.1.x86_64",
"product_id": "postgresql11-llvmjit-devel-11.22-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql11-plperl-11.22-1.1.x86_64",
"product": {
"name": "postgresql11-plperl-11.22-1.1.x86_64",
"product_id": "postgresql11-plperl-11.22-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql11-plpython-11.22-1.1.x86_64",
"product": {
"name": "postgresql11-plpython-11.22-1.1.x86_64",
"product_id": "postgresql11-plpython-11.22-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql11-pltcl-11.22-1.1.x86_64",
"product": {
"name": "postgresql11-pltcl-11.22-1.1.x86_64",
"product_id": "postgresql11-pltcl-11.22-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql11-server-11.22-1.1.x86_64",
"product": {
"name": "postgresql11-server-11.22-1.1.x86_64",
"product_id": "postgresql11-server-11.22-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql11-server-devel-11.22-1.1.x86_64",
"product": {
"name": "postgresql11-server-devel-11.22-1.1.x86_64",
"product_id": "postgresql11-server-devel-11.22-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql11-test-11.22-1.1.x86_64",
"product": {
"name": "postgresql11-test-11.22-1.1.x86_64",
"product_id": "postgresql11-test-11.22-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-11.22-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-11.22-1.1.aarch64"
},
"product_reference": "postgresql11-11.22-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-11.22-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-11.22-1.1.ppc64le"
},
"product_reference": "postgresql11-11.22-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-11.22-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-11.22-1.1.s390x"
},
"product_reference": "postgresql11-11.22-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-11.22-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-11.22-1.1.x86_64"
},
"product_reference": "postgresql11-11.22-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-contrib-11.22-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.aarch64"
},
"product_reference": "postgresql11-contrib-11.22-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-contrib-11.22-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.ppc64le"
},
"product_reference": "postgresql11-contrib-11.22-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-contrib-11.22-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.s390x"
},
"product_reference": "postgresql11-contrib-11.22-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-contrib-11.22-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.x86_64"
},
"product_reference": "postgresql11-contrib-11.22-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-devel-11.22-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.aarch64"
},
"product_reference": "postgresql11-devel-11.22-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-devel-11.22-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.ppc64le"
},
"product_reference": "postgresql11-devel-11.22-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-devel-11.22-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.s390x"
},
"product_reference": "postgresql11-devel-11.22-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-devel-11.22-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.x86_64"
},
"product_reference": "postgresql11-devel-11.22-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-docs-11.22-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.aarch64"
},
"product_reference": "postgresql11-docs-11.22-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-docs-11.22-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.ppc64le"
},
"product_reference": "postgresql11-docs-11.22-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-docs-11.22-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.s390x"
},
"product_reference": "postgresql11-docs-11.22-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-docs-11.22-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.x86_64"
},
"product_reference": "postgresql11-docs-11.22-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-llvmjit-11.22-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.aarch64"
},
"product_reference": "postgresql11-llvmjit-11.22-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-llvmjit-11.22-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.ppc64le"
},
"product_reference": "postgresql11-llvmjit-11.22-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-llvmjit-11.22-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.s390x"
},
"product_reference": "postgresql11-llvmjit-11.22-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-llvmjit-11.22-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.x86_64"
},
"product_reference": "postgresql11-llvmjit-11.22-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-llvmjit-devel-11.22-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.aarch64"
},
"product_reference": "postgresql11-llvmjit-devel-11.22-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-llvmjit-devel-11.22-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.ppc64le"
},
"product_reference": "postgresql11-llvmjit-devel-11.22-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-llvmjit-devel-11.22-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.s390x"
},
"product_reference": "postgresql11-llvmjit-devel-11.22-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-llvmjit-devel-11.22-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.x86_64"
},
"product_reference": "postgresql11-llvmjit-devel-11.22-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-plperl-11.22-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.aarch64"
},
"product_reference": "postgresql11-plperl-11.22-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-plperl-11.22-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.ppc64le"
},
"product_reference": "postgresql11-plperl-11.22-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-plperl-11.22-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.s390x"
},
"product_reference": "postgresql11-plperl-11.22-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-plperl-11.22-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.x86_64"
},
"product_reference": "postgresql11-plperl-11.22-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-plpython-11.22-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.aarch64"
},
"product_reference": "postgresql11-plpython-11.22-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-plpython-11.22-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.ppc64le"
},
"product_reference": "postgresql11-plpython-11.22-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-plpython-11.22-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.s390x"
},
"product_reference": "postgresql11-plpython-11.22-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-plpython-11.22-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.x86_64"
},
"product_reference": "postgresql11-plpython-11.22-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-pltcl-11.22-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.aarch64"
},
"product_reference": "postgresql11-pltcl-11.22-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-pltcl-11.22-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.ppc64le"
},
"product_reference": "postgresql11-pltcl-11.22-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-pltcl-11.22-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.s390x"
},
"product_reference": "postgresql11-pltcl-11.22-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-pltcl-11.22-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.x86_64"
},
"product_reference": "postgresql11-pltcl-11.22-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-server-11.22-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-server-11.22-1.1.aarch64"
},
"product_reference": "postgresql11-server-11.22-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-server-11.22-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-server-11.22-1.1.ppc64le"
},
"product_reference": "postgresql11-server-11.22-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-server-11.22-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-server-11.22-1.1.s390x"
},
"product_reference": "postgresql11-server-11.22-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-server-11.22-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-server-11.22-1.1.x86_64"
},
"product_reference": "postgresql11-server-11.22-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-server-devel-11.22-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.aarch64"
},
"product_reference": "postgresql11-server-devel-11.22-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-server-devel-11.22-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.ppc64le"
},
"product_reference": "postgresql11-server-devel-11.22-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-server-devel-11.22-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.s390x"
},
"product_reference": "postgresql11-server-devel-11.22-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-server-devel-11.22-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.x86_64"
},
"product_reference": "postgresql11-server-devel-11.22-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-test-11.22-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-test-11.22-1.1.aarch64"
},
"product_reference": "postgresql11-test-11.22-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-test-11.22-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-test-11.22-1.1.ppc64le"
},
"product_reference": "postgresql11-test-11.22-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-test-11.22-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-test-11.22-1.1.s390x"
},
"product_reference": "postgresql11-test-11.22-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql11-test-11.22-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql11-test-11.22-1.1.x86_64"
},
"product_reference": "postgresql11-test-11.22-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5868"
}
],
"notes": [
{
"category": "general",
"text": "A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with \u0027unknown\u0027-type arguments. Handling \u0027unknown\u0027-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:postgresql11-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5868",
"url": "https://www.suse.com/security/cve/CVE-2023-5868"
},
{
"category": "external",
"summary": "SUSE Bug 1216962 for CVE-2023-5868",
"url": "https://bugzilla.suse.com/1216962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:postgresql11-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:postgresql11-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-5868"
},
{
"cve": "CVE-2023-5869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5869"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server\u0027s memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:postgresql11-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5869",
"url": "https://www.suse.com/security/cve/CVE-2023-5869"
},
{
"category": "external",
"summary": "SUSE Bug 1216961 for CVE-2023-5869",
"url": "https://bugzilla.suse.com/1216961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:postgresql11-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:postgresql11-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-5869"
},
{
"cve": "CVE-2023-5870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5870"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:postgresql11-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5870",
"url": "https://www.suse.com/security/cve/CVE-2023-5870"
},
{
"category": "external",
"summary": "SUSE Bug 1216960 for CVE-2023-5870",
"url": "https://bugzilla.suse.com/1216960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:postgresql11-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:postgresql11-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-contrib-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-docs-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-llvmjit-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-llvmjit-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-plperl-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-plpython-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-pltcl-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-server-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-server-devel-11.22-1.1.x86_64",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.aarch64",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.s390x",
"openSUSE Tumbleweed:postgresql11-test-11.22-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-5870"
}
]
}
OPENSUSE-SU-2024:13409-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
postgresql13-13.13-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: postgresql13-13.13-1.1 on GA media
Description of the patch: These are all security issues fixed in the postgresql13-13.13-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13409
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-test-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-test-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-test-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-test-13.13-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-test-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-test-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-test-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-test-13.13-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.2 (Medium)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-test-13.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-test-13.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-test-13.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql13-test-13.13-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "postgresql13-13.13-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the postgresql13-13.13-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13409",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13409-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5868 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5869 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5870 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5870/"
}
],
"title": "postgresql13-13.13-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13409-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "postgresql13-13.13-1.1.aarch64",
"product": {
"name": "postgresql13-13.13-1.1.aarch64",
"product_id": "postgresql13-13.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql13-contrib-13.13-1.1.aarch64",
"product": {
"name": "postgresql13-contrib-13.13-1.1.aarch64",
"product_id": "postgresql13-contrib-13.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql13-devel-13.13-1.1.aarch64",
"product": {
"name": "postgresql13-devel-13.13-1.1.aarch64",
"product_id": "postgresql13-devel-13.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql13-docs-13.13-1.1.aarch64",
"product": {
"name": "postgresql13-docs-13.13-1.1.aarch64",
"product_id": "postgresql13-docs-13.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql13-llvmjit-13.13-1.1.aarch64",
"product": {
"name": "postgresql13-llvmjit-13.13-1.1.aarch64",
"product_id": "postgresql13-llvmjit-13.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql13-llvmjit-devel-13.13-1.1.aarch64",
"product": {
"name": "postgresql13-llvmjit-devel-13.13-1.1.aarch64",
"product_id": "postgresql13-llvmjit-devel-13.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql13-plperl-13.13-1.1.aarch64",
"product": {
"name": "postgresql13-plperl-13.13-1.1.aarch64",
"product_id": "postgresql13-plperl-13.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql13-plpython-13.13-1.1.aarch64",
"product": {
"name": "postgresql13-plpython-13.13-1.1.aarch64",
"product_id": "postgresql13-plpython-13.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql13-pltcl-13.13-1.1.aarch64",
"product": {
"name": "postgresql13-pltcl-13.13-1.1.aarch64",
"product_id": "postgresql13-pltcl-13.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql13-server-13.13-1.1.aarch64",
"product": {
"name": "postgresql13-server-13.13-1.1.aarch64",
"product_id": "postgresql13-server-13.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql13-server-devel-13.13-1.1.aarch64",
"product": {
"name": "postgresql13-server-devel-13.13-1.1.aarch64",
"product_id": "postgresql13-server-devel-13.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql13-test-13.13-1.1.aarch64",
"product": {
"name": "postgresql13-test-13.13-1.1.aarch64",
"product_id": "postgresql13-test-13.13-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "postgresql13-13.13-1.1.ppc64le",
"product": {
"name": "postgresql13-13.13-1.1.ppc64le",
"product_id": "postgresql13-13.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql13-contrib-13.13-1.1.ppc64le",
"product": {
"name": "postgresql13-contrib-13.13-1.1.ppc64le",
"product_id": "postgresql13-contrib-13.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql13-devel-13.13-1.1.ppc64le",
"product": {
"name": "postgresql13-devel-13.13-1.1.ppc64le",
"product_id": "postgresql13-devel-13.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql13-docs-13.13-1.1.ppc64le",
"product": {
"name": "postgresql13-docs-13.13-1.1.ppc64le",
"product_id": "postgresql13-docs-13.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql13-llvmjit-13.13-1.1.ppc64le",
"product": {
"name": "postgresql13-llvmjit-13.13-1.1.ppc64le",
"product_id": "postgresql13-llvmjit-13.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql13-llvmjit-devel-13.13-1.1.ppc64le",
"product": {
"name": "postgresql13-llvmjit-devel-13.13-1.1.ppc64le",
"product_id": "postgresql13-llvmjit-devel-13.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql13-plperl-13.13-1.1.ppc64le",
"product": {
"name": "postgresql13-plperl-13.13-1.1.ppc64le",
"product_id": "postgresql13-plperl-13.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql13-plpython-13.13-1.1.ppc64le",
"product": {
"name": "postgresql13-plpython-13.13-1.1.ppc64le",
"product_id": "postgresql13-plpython-13.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql13-pltcl-13.13-1.1.ppc64le",
"product": {
"name": "postgresql13-pltcl-13.13-1.1.ppc64le",
"product_id": "postgresql13-pltcl-13.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql13-server-13.13-1.1.ppc64le",
"product": {
"name": "postgresql13-server-13.13-1.1.ppc64le",
"product_id": "postgresql13-server-13.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql13-server-devel-13.13-1.1.ppc64le",
"product": {
"name": "postgresql13-server-devel-13.13-1.1.ppc64le",
"product_id": "postgresql13-server-devel-13.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql13-test-13.13-1.1.ppc64le",
"product": {
"name": "postgresql13-test-13.13-1.1.ppc64le",
"product_id": "postgresql13-test-13.13-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "postgresql13-13.13-1.1.s390x",
"product": {
"name": "postgresql13-13.13-1.1.s390x",
"product_id": "postgresql13-13.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql13-contrib-13.13-1.1.s390x",
"product": {
"name": "postgresql13-contrib-13.13-1.1.s390x",
"product_id": "postgresql13-contrib-13.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql13-devel-13.13-1.1.s390x",
"product": {
"name": "postgresql13-devel-13.13-1.1.s390x",
"product_id": "postgresql13-devel-13.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql13-docs-13.13-1.1.s390x",
"product": {
"name": "postgresql13-docs-13.13-1.1.s390x",
"product_id": "postgresql13-docs-13.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql13-llvmjit-13.13-1.1.s390x",
"product": {
"name": "postgresql13-llvmjit-13.13-1.1.s390x",
"product_id": "postgresql13-llvmjit-13.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql13-llvmjit-devel-13.13-1.1.s390x",
"product": {
"name": "postgresql13-llvmjit-devel-13.13-1.1.s390x",
"product_id": "postgresql13-llvmjit-devel-13.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql13-plperl-13.13-1.1.s390x",
"product": {
"name": "postgresql13-plperl-13.13-1.1.s390x",
"product_id": "postgresql13-plperl-13.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql13-plpython-13.13-1.1.s390x",
"product": {
"name": "postgresql13-plpython-13.13-1.1.s390x",
"product_id": "postgresql13-plpython-13.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql13-pltcl-13.13-1.1.s390x",
"product": {
"name": "postgresql13-pltcl-13.13-1.1.s390x",
"product_id": "postgresql13-pltcl-13.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql13-server-13.13-1.1.s390x",
"product": {
"name": "postgresql13-server-13.13-1.1.s390x",
"product_id": "postgresql13-server-13.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql13-server-devel-13.13-1.1.s390x",
"product": {
"name": "postgresql13-server-devel-13.13-1.1.s390x",
"product_id": "postgresql13-server-devel-13.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql13-test-13.13-1.1.s390x",
"product": {
"name": "postgresql13-test-13.13-1.1.s390x",
"product_id": "postgresql13-test-13.13-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "postgresql13-13.13-1.1.x86_64",
"product": {
"name": "postgresql13-13.13-1.1.x86_64",
"product_id": "postgresql13-13.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql13-contrib-13.13-1.1.x86_64",
"product": {
"name": "postgresql13-contrib-13.13-1.1.x86_64",
"product_id": "postgresql13-contrib-13.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql13-devel-13.13-1.1.x86_64",
"product": {
"name": "postgresql13-devel-13.13-1.1.x86_64",
"product_id": "postgresql13-devel-13.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql13-docs-13.13-1.1.x86_64",
"product": {
"name": "postgresql13-docs-13.13-1.1.x86_64",
"product_id": "postgresql13-docs-13.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql13-llvmjit-13.13-1.1.x86_64",
"product": {
"name": "postgresql13-llvmjit-13.13-1.1.x86_64",
"product_id": "postgresql13-llvmjit-13.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql13-llvmjit-devel-13.13-1.1.x86_64",
"product": {
"name": "postgresql13-llvmjit-devel-13.13-1.1.x86_64",
"product_id": "postgresql13-llvmjit-devel-13.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql13-plperl-13.13-1.1.x86_64",
"product": {
"name": "postgresql13-plperl-13.13-1.1.x86_64",
"product_id": "postgresql13-plperl-13.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql13-plpython-13.13-1.1.x86_64",
"product": {
"name": "postgresql13-plpython-13.13-1.1.x86_64",
"product_id": "postgresql13-plpython-13.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql13-pltcl-13.13-1.1.x86_64",
"product": {
"name": "postgresql13-pltcl-13.13-1.1.x86_64",
"product_id": "postgresql13-pltcl-13.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql13-server-13.13-1.1.x86_64",
"product": {
"name": "postgresql13-server-13.13-1.1.x86_64",
"product_id": "postgresql13-server-13.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql13-server-devel-13.13-1.1.x86_64",
"product": {
"name": "postgresql13-server-devel-13.13-1.1.x86_64",
"product_id": "postgresql13-server-devel-13.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql13-test-13.13-1.1.x86_64",
"product": {
"name": "postgresql13-test-13.13-1.1.x86_64",
"product_id": "postgresql13-test-13.13-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-13.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-13.13-1.1.aarch64"
},
"product_reference": "postgresql13-13.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-13.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-13.13-1.1.ppc64le"
},
"product_reference": "postgresql13-13.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-13.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-13.13-1.1.s390x"
},
"product_reference": "postgresql13-13.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-13.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-13.13-1.1.x86_64"
},
"product_reference": "postgresql13-13.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-contrib-13.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.aarch64"
},
"product_reference": "postgresql13-contrib-13.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-contrib-13.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.ppc64le"
},
"product_reference": "postgresql13-contrib-13.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-contrib-13.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.s390x"
},
"product_reference": "postgresql13-contrib-13.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-contrib-13.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.x86_64"
},
"product_reference": "postgresql13-contrib-13.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-devel-13.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.aarch64"
},
"product_reference": "postgresql13-devel-13.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-devel-13.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.ppc64le"
},
"product_reference": "postgresql13-devel-13.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-devel-13.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.s390x"
},
"product_reference": "postgresql13-devel-13.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-devel-13.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.x86_64"
},
"product_reference": "postgresql13-devel-13.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-docs-13.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.aarch64"
},
"product_reference": "postgresql13-docs-13.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-docs-13.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.ppc64le"
},
"product_reference": "postgresql13-docs-13.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-docs-13.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.s390x"
},
"product_reference": "postgresql13-docs-13.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-docs-13.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.x86_64"
},
"product_reference": "postgresql13-docs-13.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-llvmjit-13.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.aarch64"
},
"product_reference": "postgresql13-llvmjit-13.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-llvmjit-13.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.ppc64le"
},
"product_reference": "postgresql13-llvmjit-13.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-llvmjit-13.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.s390x"
},
"product_reference": "postgresql13-llvmjit-13.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-llvmjit-13.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.x86_64"
},
"product_reference": "postgresql13-llvmjit-13.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-llvmjit-devel-13.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.aarch64"
},
"product_reference": "postgresql13-llvmjit-devel-13.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-llvmjit-devel-13.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.ppc64le"
},
"product_reference": "postgresql13-llvmjit-devel-13.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-llvmjit-devel-13.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.s390x"
},
"product_reference": "postgresql13-llvmjit-devel-13.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-llvmjit-devel-13.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.x86_64"
},
"product_reference": "postgresql13-llvmjit-devel-13.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-plperl-13.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.aarch64"
},
"product_reference": "postgresql13-plperl-13.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-plperl-13.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.ppc64le"
},
"product_reference": "postgresql13-plperl-13.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-plperl-13.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.s390x"
},
"product_reference": "postgresql13-plperl-13.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-plperl-13.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.x86_64"
},
"product_reference": "postgresql13-plperl-13.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-plpython-13.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.aarch64"
},
"product_reference": "postgresql13-plpython-13.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-plpython-13.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.ppc64le"
},
"product_reference": "postgresql13-plpython-13.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-plpython-13.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.s390x"
},
"product_reference": "postgresql13-plpython-13.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-plpython-13.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.x86_64"
},
"product_reference": "postgresql13-plpython-13.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-pltcl-13.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.aarch64"
},
"product_reference": "postgresql13-pltcl-13.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-pltcl-13.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.ppc64le"
},
"product_reference": "postgresql13-pltcl-13.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-pltcl-13.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.s390x"
},
"product_reference": "postgresql13-pltcl-13.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-pltcl-13.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.x86_64"
},
"product_reference": "postgresql13-pltcl-13.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-server-13.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-server-13.13-1.1.aarch64"
},
"product_reference": "postgresql13-server-13.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-server-13.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-server-13.13-1.1.ppc64le"
},
"product_reference": "postgresql13-server-13.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-server-13.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-server-13.13-1.1.s390x"
},
"product_reference": "postgresql13-server-13.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-server-13.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-server-13.13-1.1.x86_64"
},
"product_reference": "postgresql13-server-13.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-server-devel-13.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.aarch64"
},
"product_reference": "postgresql13-server-devel-13.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-server-devel-13.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.ppc64le"
},
"product_reference": "postgresql13-server-devel-13.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-server-devel-13.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.s390x"
},
"product_reference": "postgresql13-server-devel-13.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-server-devel-13.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.x86_64"
},
"product_reference": "postgresql13-server-devel-13.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-test-13.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-test-13.13-1.1.aarch64"
},
"product_reference": "postgresql13-test-13.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-test-13.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-test-13.13-1.1.ppc64le"
},
"product_reference": "postgresql13-test-13.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-test-13.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-test-13.13-1.1.s390x"
},
"product_reference": "postgresql13-test-13.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql13-test-13.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql13-test-13.13-1.1.x86_64"
},
"product_reference": "postgresql13-test-13.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5868"
}
],
"notes": [
{
"category": "general",
"text": "A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with \u0027unknown\u0027-type arguments. Handling \u0027unknown\u0027-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:postgresql13-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5868",
"url": "https://www.suse.com/security/cve/CVE-2023-5868"
},
{
"category": "external",
"summary": "SUSE Bug 1216962 for CVE-2023-5868",
"url": "https://bugzilla.suse.com/1216962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:postgresql13-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:postgresql13-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-5868"
},
{
"cve": "CVE-2023-5869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5869"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server\u0027s memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:postgresql13-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5869",
"url": "https://www.suse.com/security/cve/CVE-2023-5869"
},
{
"category": "external",
"summary": "SUSE Bug 1216961 for CVE-2023-5869",
"url": "https://bugzilla.suse.com/1216961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:postgresql13-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:postgresql13-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-5869"
},
{
"cve": "CVE-2023-5870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5870"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:postgresql13-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5870",
"url": "https://www.suse.com/security/cve/CVE-2023-5870"
},
{
"category": "external",
"summary": "SUSE Bug 1216960 for CVE-2023-5870",
"url": "https://bugzilla.suse.com/1216960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:postgresql13-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:postgresql13-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-contrib-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-docs-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-llvmjit-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-llvmjit-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-plperl-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-plpython-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-pltcl-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-server-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-server-devel-13.13-1.1.x86_64",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.aarch64",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.s390x",
"openSUSE Tumbleweed:postgresql13-test-13.13-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-5870"
}
]
}
OPENSUSE-SU-2024:13410-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
postgresql14-14.10-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: postgresql14-14.10-1.1 on GA media
Description of the patch: These are all security issues fixed in the postgresql14-14.10-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13410
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-test-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-test-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-test-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-test-14.10-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-test-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-test-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-test-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-test-14.10-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.2 (Medium)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-test-14.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-test-14.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-test-14.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql14-test-14.10-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "postgresql14-14.10-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the postgresql14-14.10-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13410",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13410-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5868 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5869 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5870 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5870/"
}
],
"title": "postgresql14-14.10-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13410-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "postgresql14-14.10-1.1.aarch64",
"product": {
"name": "postgresql14-14.10-1.1.aarch64",
"product_id": "postgresql14-14.10-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql14-contrib-14.10-1.1.aarch64",
"product": {
"name": "postgresql14-contrib-14.10-1.1.aarch64",
"product_id": "postgresql14-contrib-14.10-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql14-devel-14.10-1.1.aarch64",
"product": {
"name": "postgresql14-devel-14.10-1.1.aarch64",
"product_id": "postgresql14-devel-14.10-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql14-docs-14.10-1.1.aarch64",
"product": {
"name": "postgresql14-docs-14.10-1.1.aarch64",
"product_id": "postgresql14-docs-14.10-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql14-llvmjit-14.10-1.1.aarch64",
"product": {
"name": "postgresql14-llvmjit-14.10-1.1.aarch64",
"product_id": "postgresql14-llvmjit-14.10-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql14-llvmjit-devel-14.10-1.1.aarch64",
"product": {
"name": "postgresql14-llvmjit-devel-14.10-1.1.aarch64",
"product_id": "postgresql14-llvmjit-devel-14.10-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql14-plperl-14.10-1.1.aarch64",
"product": {
"name": "postgresql14-plperl-14.10-1.1.aarch64",
"product_id": "postgresql14-plperl-14.10-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql14-plpython-14.10-1.1.aarch64",
"product": {
"name": "postgresql14-plpython-14.10-1.1.aarch64",
"product_id": "postgresql14-plpython-14.10-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql14-pltcl-14.10-1.1.aarch64",
"product": {
"name": "postgresql14-pltcl-14.10-1.1.aarch64",
"product_id": "postgresql14-pltcl-14.10-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql14-server-14.10-1.1.aarch64",
"product": {
"name": "postgresql14-server-14.10-1.1.aarch64",
"product_id": "postgresql14-server-14.10-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql14-server-devel-14.10-1.1.aarch64",
"product": {
"name": "postgresql14-server-devel-14.10-1.1.aarch64",
"product_id": "postgresql14-server-devel-14.10-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql14-test-14.10-1.1.aarch64",
"product": {
"name": "postgresql14-test-14.10-1.1.aarch64",
"product_id": "postgresql14-test-14.10-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "postgresql14-14.10-1.1.ppc64le",
"product": {
"name": "postgresql14-14.10-1.1.ppc64le",
"product_id": "postgresql14-14.10-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql14-contrib-14.10-1.1.ppc64le",
"product": {
"name": "postgresql14-contrib-14.10-1.1.ppc64le",
"product_id": "postgresql14-contrib-14.10-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql14-devel-14.10-1.1.ppc64le",
"product": {
"name": "postgresql14-devel-14.10-1.1.ppc64le",
"product_id": "postgresql14-devel-14.10-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql14-docs-14.10-1.1.ppc64le",
"product": {
"name": "postgresql14-docs-14.10-1.1.ppc64le",
"product_id": "postgresql14-docs-14.10-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql14-llvmjit-14.10-1.1.ppc64le",
"product": {
"name": "postgresql14-llvmjit-14.10-1.1.ppc64le",
"product_id": "postgresql14-llvmjit-14.10-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql14-llvmjit-devel-14.10-1.1.ppc64le",
"product": {
"name": "postgresql14-llvmjit-devel-14.10-1.1.ppc64le",
"product_id": "postgresql14-llvmjit-devel-14.10-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql14-plperl-14.10-1.1.ppc64le",
"product": {
"name": "postgresql14-plperl-14.10-1.1.ppc64le",
"product_id": "postgresql14-plperl-14.10-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql14-plpython-14.10-1.1.ppc64le",
"product": {
"name": "postgresql14-plpython-14.10-1.1.ppc64le",
"product_id": "postgresql14-plpython-14.10-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql14-pltcl-14.10-1.1.ppc64le",
"product": {
"name": "postgresql14-pltcl-14.10-1.1.ppc64le",
"product_id": "postgresql14-pltcl-14.10-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql14-server-14.10-1.1.ppc64le",
"product": {
"name": "postgresql14-server-14.10-1.1.ppc64le",
"product_id": "postgresql14-server-14.10-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql14-server-devel-14.10-1.1.ppc64le",
"product": {
"name": "postgresql14-server-devel-14.10-1.1.ppc64le",
"product_id": "postgresql14-server-devel-14.10-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql14-test-14.10-1.1.ppc64le",
"product": {
"name": "postgresql14-test-14.10-1.1.ppc64le",
"product_id": "postgresql14-test-14.10-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "postgresql14-14.10-1.1.s390x",
"product": {
"name": "postgresql14-14.10-1.1.s390x",
"product_id": "postgresql14-14.10-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql14-contrib-14.10-1.1.s390x",
"product": {
"name": "postgresql14-contrib-14.10-1.1.s390x",
"product_id": "postgresql14-contrib-14.10-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql14-devel-14.10-1.1.s390x",
"product": {
"name": "postgresql14-devel-14.10-1.1.s390x",
"product_id": "postgresql14-devel-14.10-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql14-docs-14.10-1.1.s390x",
"product": {
"name": "postgresql14-docs-14.10-1.1.s390x",
"product_id": "postgresql14-docs-14.10-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql14-llvmjit-14.10-1.1.s390x",
"product": {
"name": "postgresql14-llvmjit-14.10-1.1.s390x",
"product_id": "postgresql14-llvmjit-14.10-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql14-llvmjit-devel-14.10-1.1.s390x",
"product": {
"name": "postgresql14-llvmjit-devel-14.10-1.1.s390x",
"product_id": "postgresql14-llvmjit-devel-14.10-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql14-plperl-14.10-1.1.s390x",
"product": {
"name": "postgresql14-plperl-14.10-1.1.s390x",
"product_id": "postgresql14-plperl-14.10-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql14-plpython-14.10-1.1.s390x",
"product": {
"name": "postgresql14-plpython-14.10-1.1.s390x",
"product_id": "postgresql14-plpython-14.10-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql14-pltcl-14.10-1.1.s390x",
"product": {
"name": "postgresql14-pltcl-14.10-1.1.s390x",
"product_id": "postgresql14-pltcl-14.10-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql14-server-14.10-1.1.s390x",
"product": {
"name": "postgresql14-server-14.10-1.1.s390x",
"product_id": "postgresql14-server-14.10-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql14-server-devel-14.10-1.1.s390x",
"product": {
"name": "postgresql14-server-devel-14.10-1.1.s390x",
"product_id": "postgresql14-server-devel-14.10-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql14-test-14.10-1.1.s390x",
"product": {
"name": "postgresql14-test-14.10-1.1.s390x",
"product_id": "postgresql14-test-14.10-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "postgresql14-14.10-1.1.x86_64",
"product": {
"name": "postgresql14-14.10-1.1.x86_64",
"product_id": "postgresql14-14.10-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql14-contrib-14.10-1.1.x86_64",
"product": {
"name": "postgresql14-contrib-14.10-1.1.x86_64",
"product_id": "postgresql14-contrib-14.10-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql14-devel-14.10-1.1.x86_64",
"product": {
"name": "postgresql14-devel-14.10-1.1.x86_64",
"product_id": "postgresql14-devel-14.10-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql14-docs-14.10-1.1.x86_64",
"product": {
"name": "postgresql14-docs-14.10-1.1.x86_64",
"product_id": "postgresql14-docs-14.10-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql14-llvmjit-14.10-1.1.x86_64",
"product": {
"name": "postgresql14-llvmjit-14.10-1.1.x86_64",
"product_id": "postgresql14-llvmjit-14.10-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql14-llvmjit-devel-14.10-1.1.x86_64",
"product": {
"name": "postgresql14-llvmjit-devel-14.10-1.1.x86_64",
"product_id": "postgresql14-llvmjit-devel-14.10-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql14-plperl-14.10-1.1.x86_64",
"product": {
"name": "postgresql14-plperl-14.10-1.1.x86_64",
"product_id": "postgresql14-plperl-14.10-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql14-plpython-14.10-1.1.x86_64",
"product": {
"name": "postgresql14-plpython-14.10-1.1.x86_64",
"product_id": "postgresql14-plpython-14.10-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql14-pltcl-14.10-1.1.x86_64",
"product": {
"name": "postgresql14-pltcl-14.10-1.1.x86_64",
"product_id": "postgresql14-pltcl-14.10-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql14-server-14.10-1.1.x86_64",
"product": {
"name": "postgresql14-server-14.10-1.1.x86_64",
"product_id": "postgresql14-server-14.10-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql14-server-devel-14.10-1.1.x86_64",
"product": {
"name": "postgresql14-server-devel-14.10-1.1.x86_64",
"product_id": "postgresql14-server-devel-14.10-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql14-test-14.10-1.1.x86_64",
"product": {
"name": "postgresql14-test-14.10-1.1.x86_64",
"product_id": "postgresql14-test-14.10-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-14.10-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-14.10-1.1.aarch64"
},
"product_reference": "postgresql14-14.10-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-14.10-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-14.10-1.1.ppc64le"
},
"product_reference": "postgresql14-14.10-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-14.10-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-14.10-1.1.s390x"
},
"product_reference": "postgresql14-14.10-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-14.10-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-14.10-1.1.x86_64"
},
"product_reference": "postgresql14-14.10-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-contrib-14.10-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.aarch64"
},
"product_reference": "postgresql14-contrib-14.10-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-contrib-14.10-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.ppc64le"
},
"product_reference": "postgresql14-contrib-14.10-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-contrib-14.10-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.s390x"
},
"product_reference": "postgresql14-contrib-14.10-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-contrib-14.10-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.x86_64"
},
"product_reference": "postgresql14-contrib-14.10-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-devel-14.10-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.aarch64"
},
"product_reference": "postgresql14-devel-14.10-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-devel-14.10-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.ppc64le"
},
"product_reference": "postgresql14-devel-14.10-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-devel-14.10-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.s390x"
},
"product_reference": "postgresql14-devel-14.10-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-devel-14.10-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.x86_64"
},
"product_reference": "postgresql14-devel-14.10-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-docs-14.10-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.aarch64"
},
"product_reference": "postgresql14-docs-14.10-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-docs-14.10-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.ppc64le"
},
"product_reference": "postgresql14-docs-14.10-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-docs-14.10-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.s390x"
},
"product_reference": "postgresql14-docs-14.10-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-docs-14.10-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.x86_64"
},
"product_reference": "postgresql14-docs-14.10-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-llvmjit-14.10-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.aarch64"
},
"product_reference": "postgresql14-llvmjit-14.10-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-llvmjit-14.10-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.ppc64le"
},
"product_reference": "postgresql14-llvmjit-14.10-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-llvmjit-14.10-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.s390x"
},
"product_reference": "postgresql14-llvmjit-14.10-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-llvmjit-14.10-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.x86_64"
},
"product_reference": "postgresql14-llvmjit-14.10-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-llvmjit-devel-14.10-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.aarch64"
},
"product_reference": "postgresql14-llvmjit-devel-14.10-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-llvmjit-devel-14.10-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.ppc64le"
},
"product_reference": "postgresql14-llvmjit-devel-14.10-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-llvmjit-devel-14.10-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.s390x"
},
"product_reference": "postgresql14-llvmjit-devel-14.10-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-llvmjit-devel-14.10-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.x86_64"
},
"product_reference": "postgresql14-llvmjit-devel-14.10-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-plperl-14.10-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.aarch64"
},
"product_reference": "postgresql14-plperl-14.10-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-plperl-14.10-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.ppc64le"
},
"product_reference": "postgresql14-plperl-14.10-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-plperl-14.10-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.s390x"
},
"product_reference": "postgresql14-plperl-14.10-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-plperl-14.10-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.x86_64"
},
"product_reference": "postgresql14-plperl-14.10-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-plpython-14.10-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.aarch64"
},
"product_reference": "postgresql14-plpython-14.10-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-plpython-14.10-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.ppc64le"
},
"product_reference": "postgresql14-plpython-14.10-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-plpython-14.10-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.s390x"
},
"product_reference": "postgresql14-plpython-14.10-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-plpython-14.10-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.x86_64"
},
"product_reference": "postgresql14-plpython-14.10-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-pltcl-14.10-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.aarch64"
},
"product_reference": "postgresql14-pltcl-14.10-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-pltcl-14.10-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.ppc64le"
},
"product_reference": "postgresql14-pltcl-14.10-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-pltcl-14.10-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.s390x"
},
"product_reference": "postgresql14-pltcl-14.10-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-pltcl-14.10-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.x86_64"
},
"product_reference": "postgresql14-pltcl-14.10-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-server-14.10-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-server-14.10-1.1.aarch64"
},
"product_reference": "postgresql14-server-14.10-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-server-14.10-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-server-14.10-1.1.ppc64le"
},
"product_reference": "postgresql14-server-14.10-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-server-14.10-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-server-14.10-1.1.s390x"
},
"product_reference": "postgresql14-server-14.10-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-server-14.10-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-server-14.10-1.1.x86_64"
},
"product_reference": "postgresql14-server-14.10-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-server-devel-14.10-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.aarch64"
},
"product_reference": "postgresql14-server-devel-14.10-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-server-devel-14.10-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.ppc64le"
},
"product_reference": "postgresql14-server-devel-14.10-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-server-devel-14.10-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.s390x"
},
"product_reference": "postgresql14-server-devel-14.10-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-server-devel-14.10-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.x86_64"
},
"product_reference": "postgresql14-server-devel-14.10-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-test-14.10-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-test-14.10-1.1.aarch64"
},
"product_reference": "postgresql14-test-14.10-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-test-14.10-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-test-14.10-1.1.ppc64le"
},
"product_reference": "postgresql14-test-14.10-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-test-14.10-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-test-14.10-1.1.s390x"
},
"product_reference": "postgresql14-test-14.10-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql14-test-14.10-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql14-test-14.10-1.1.x86_64"
},
"product_reference": "postgresql14-test-14.10-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5868"
}
],
"notes": [
{
"category": "general",
"text": "A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with \u0027unknown\u0027-type arguments. Handling \u0027unknown\u0027-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:postgresql14-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5868",
"url": "https://www.suse.com/security/cve/CVE-2023-5868"
},
{
"category": "external",
"summary": "SUSE Bug 1216962 for CVE-2023-5868",
"url": "https://bugzilla.suse.com/1216962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:postgresql14-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:postgresql14-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-5868"
},
{
"cve": "CVE-2023-5869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5869"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server\u0027s memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:postgresql14-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5869",
"url": "https://www.suse.com/security/cve/CVE-2023-5869"
},
{
"category": "external",
"summary": "SUSE Bug 1216961 for CVE-2023-5869",
"url": "https://bugzilla.suse.com/1216961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:postgresql14-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:postgresql14-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-5869"
},
{
"cve": "CVE-2023-5870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5870"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:postgresql14-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5870",
"url": "https://www.suse.com/security/cve/CVE-2023-5870"
},
{
"category": "external",
"summary": "SUSE Bug 1216960 for CVE-2023-5870",
"url": "https://bugzilla.suse.com/1216960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:postgresql14-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:postgresql14-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-contrib-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-docs-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-llvmjit-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-llvmjit-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-plperl-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-plpython-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-pltcl-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-server-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-server-devel-14.10-1.1.x86_64",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.aarch64",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.s390x",
"openSUSE Tumbleweed:postgresql14-test-14.10-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-5870"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…