Lucene search
+L

108 matches found

CVE
CVE
added 2024/11/14 1:0 p.m.546 views

CVE-2024-10979

CVE-2024-10979 affects PostgreSQL PL/Perl: incorrect control of environment variables (e.g., PATH) by an unprivileged database user can enable arbitrary code execution. Affected PostgreSQL versions include pre-17.1, pre-16.5, pre-15.9, pre-14.14, pre-13.17, and pre-12.21. Remediation is via vendo...

8.8CVSS8.8AI score0.04422EPSS
Exploits1References4Affected Software1
AlpineLinux
AlpineLinux
added 2024/11/14 1:0 p.m.31 views

CVE-2024-10979

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions...

8.8CVSS9.1AI score0.04422EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.5 views

FreeBSD : PostgreSQL -- PL/Perl environment variable changes execute arbitrary code (a03636f4-a29f-11ef-af48-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a03636f4-a29f-11ef-af48-6cc21735f730 advisory. PostgreSQL project reports: Incorrect control of environment variables in PostgreSQL PL/Perl allows an...

8.8CVSS8.3AI score0.04422EPSS
Exploits1References3
FreeBSD
FreeBSD
added 2024/11/14 12:0 a.m.14 views

PostgreSQL -- PL/Perl environment variable changes execute arbitrary code

PostgreSQL project reports: Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server...

8.8CVSS7.3AI score0.04422EPSS
Exploits1References1
PostrgeSql
PostrgeSql
added 2024/11/14 12:0 a.m.118 views

Vulnerability in core server (CVE-2024-10979)

PostgreSQL PL/Perl environment variable changes execute arbitrary code Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if...

8.8CVSS7.6AI score0.04422EPSS
Exploits1References1Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:59 a.m.5 views

SUSE CVE-2010-1169

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrar...

8.5CVSS7.6AI score0.04081EPSS
Exploits1References5
Veracode
Veracode
added 2020/04/10 12:48 a.m.36 views

Access Restriction Bypass

PostgreSQL is vulnerable to Access Restriction Bypass. Due to a flaw found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially-crafted PL/Perl...

8.5CVSS1.5AI score0.04081EPSS
Exploits1References40Affected Software2
Tenable Nessus
Tenable Nessus
added 2016/02/26 12:0 a.m.39 views

openSUSE Security Update : postgresql94 (openSUSE-2016-271)

This update for postgresql94 fixes the following issues : - Security and bugfix release 9.4.6 : - IMPORTANT Users of version 9.4 will need to reindex any jsonbpathops indexes they have created, in order to fix a persistent issue with missing index entries. - Fix infinite loops and buffer-overrun...

9CVSS7.4AI score0.06948EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.59 views

openSUSE Security Update : postgresql (openSUSE-SU-2012:1299-1)

This version upgrade of PostgreSQL fixes following issues : - Bugfix release 9.0.10 : - Fix planner's assignment of executor parameters, and fix executor's rescan logic for CTE plan nodes. - Improve page-splitting decisions in GiST indexes. - Fix cascading privilege revoke to stop if privileges a...

6.5CVSS7.5AI score0.05734EPSS
Exploits3References10
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.36 views

Amazon Linux AMI : postgresql8 (ALAS-2012-94)

A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when...

4.3CVSS7.7AI score0.05734EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.216 views

Oracle Linux 5 : postgresql (ELSA-2010-0429)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0429 advisory. 8.1.21-1.el55.1 - Update to PostgreSQL 8.1.21 to fix CVE-2010-1169, CVE-2010-1170, CVE-2009-4136, CVE-2010-0733, CVE-2010-0442, and assorted other bugs...

8.5CVSS8.2AI score0.13361EPSS
Exploits9References7
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.278 views

Scientific Linux Security Update : postgresql on SL3.x, SL4.x, SL5.x i386/x86_64

PostgreSQL is an advanced object-relational database management system DBMS. PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are...

8.5CVSS8.8AI score0.13361EPSS
Exploits8References6
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.34 views

Scientific Linux Security Update : postgresql84 on SL5.x i386/x86_64

A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Perl script could use this flaw to bypass intended PL/Perl...

8.5CVSS8AI score0.04081EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.24 views

Scientific Linux Security Update : postgresql and postgresql84 on SL4.x, SL5.x i386/x86_64

It was discovered that a user could utilize the features of the PL/Perl and PL/Tcl languages to modify the behavior of a SECURITY DEFINER function created by a different user. If the PL/Perl or PL/Tcl language was used to implement a SECURITY DEFINER function, an authenticated database user could...

6CVSS8.1AI score0.03331EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.27 views

Scientific Linux Security Update : postgresql on SL6.x i386/x86_64

It was discovered that a user could utilize the features of the PL/Perl andaPL/Tcl languages to modify the behavior of a SECURITY DEFINER functionacreated by a different user. If the PL/Perl or PL/Tcl language was used toaimplement a SECURITY DEFINER function, an authenticated database user...

6CVSS8.2AI score0.03331EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.34 views

CentOS Update for postgresql84 CESA-2010:0430 centos5 i386

Check for the Version of postgresql84 OpenVAS Vulnerability Test CentOS Update for postgresql84 CESA-2010:0430 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

8.5CVSS9.2AI score0.04081EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2010/12/02 12:0 a.m.36 views

SuSE 11 / 11.1 Security Update : postgresql (SAT Patch Numbers 2457 / 2458)

This update of postgresql fixes several minor security vulnerabilities : - Postgresql does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings. CVE-2010-1975 - The PL/Tcl implementation in postgresql loa...

8.5CVSS8.7AI score0.06902EPSS
Exploits4References12
RedHat Linux
RedHat Linux
added 2010/11/23 3:59 p.m.43 views

Moderate: Red Hat Security Advisory: postgresql security update

Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

6CVSS7.3AI score0.03331EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2010/11/23 12:0 a.m.18 views

Ubuntu Update for postgresql-8.4 vulnerability USN-1002-2

Ubuntu Update for Linux kernel vulnerabilities USN-1002-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN10022.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for postgresql-8.4 vulnerability USN-1002-2 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

6CVSS0.1AI score0.03331EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2010/10/19 12:0 a.m.17 views

Ubuntu Update for PostgreSQL vulnerability USN-1002-1

Ubuntu Update for Linux kernel vulnerabilities USN-1002-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10021.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for PostgreSQL vulnerability USN-1002-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

6CVSS0.2AI score0.03331EPSS
Exploits0References2
Rows per page
Query Builder