108 matches found
CVE-2024-10979
CVE-2024-10979 affects PostgreSQL PL/Perl: incorrect control of environment variables (e.g., PATH) by an unprivileged database user can enable arbitrary code execution. Affected PostgreSQL versions include pre-17.1, pre-16.5, pre-15.9, pre-14.14, pre-13.17, and pre-12.21. Remediation is via vendo...
CVE-2024-10979
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions...
FreeBSD : PostgreSQL -- PL/Perl environment variable changes execute arbitrary code (a03636f4-a29f-11ef-af48-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a03636f4-a29f-11ef-af48-6cc21735f730 advisory. PostgreSQL project reports: Incorrect control of environment variables in PostgreSQL PL/Perl allows an...
PostgreSQL -- PL/Perl environment variable changes execute arbitrary code
PostgreSQL project reports: Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server...
Vulnerability in core server (CVE-2024-10979)
PostgreSQL PL/Perl environment variable changes execute arbitrary code Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if...
SUSE CVE-2010-1169
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrar...
Access Restriction Bypass
PostgreSQL is vulnerable to Access Restriction Bypass. Due to a flaw found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially-crafted PL/Perl...
openSUSE Security Update : postgresql94 (openSUSE-2016-271)
This update for postgresql94 fixes the following issues : - Security and bugfix release 9.4.6 : - IMPORTANT Users of version 9.4 will need to reindex any jsonbpathops indexes they have created, in order to fix a persistent issue with missing index entries. - Fix infinite loops and buffer-overrun...
openSUSE Security Update : postgresql (openSUSE-SU-2012:1299-1)
This version upgrade of PostgreSQL fixes following issues : - Bugfix release 9.0.10 : - Fix planner's assignment of executor parameters, and fix executor's rescan logic for CTE plan nodes. - Improve page-splitting decisions in GiST indexes. - Fix cascading privilege revoke to stop if privileges a...
Amazon Linux AMI : postgresql8 (ALAS-2012-94)
A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when...
Oracle Linux 5 : postgresql (ELSA-2010-0429)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0429 advisory. 8.1.21-1.el55.1 - Update to PostgreSQL 8.1.21 to fix CVE-2010-1169, CVE-2010-1170, CVE-2009-4136, CVE-2010-0733, CVE-2010-0442, and assorted other bugs...
Scientific Linux Security Update : postgresql on SL3.x, SL4.x, SL5.x i386/x86_64
PostgreSQL is an advanced object-relational database management system DBMS. PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are...
Scientific Linux Security Update : postgresql84 on SL5.x i386/x86_64
A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Perl script could use this flaw to bypass intended PL/Perl...
Scientific Linux Security Update : postgresql and postgresql84 on SL4.x, SL5.x i386/x86_64
It was discovered that a user could utilize the features of the PL/Perl and PL/Tcl languages to modify the behavior of a SECURITY DEFINER function created by a different user. If the PL/Perl or PL/Tcl language was used to implement a SECURITY DEFINER function, an authenticated database user could...
Scientific Linux Security Update : postgresql on SL6.x i386/x86_64
It was discovered that a user could utilize the features of the PL/Perl andaPL/Tcl languages to modify the behavior of a SECURITY DEFINER functionacreated by a different user. If the PL/Perl or PL/Tcl language was used toaimplement a SECURITY DEFINER function, an authenticated database user...
CentOS Update for postgresql84 CESA-2010:0430 centos5 i386
Check for the Version of postgresql84 OpenVAS Vulnerability Test CentOS Update for postgresql84 CESA-2010:0430 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
SuSE 11 / 11.1 Security Update : postgresql (SAT Patch Numbers 2457 / 2458)
This update of postgresql fixes several minor security vulnerabilities : - Postgresql does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings. CVE-2010-1975 - The PL/Tcl implementation in postgresql loa...
Moderate: Red Hat Security Advisory: postgresql security update
Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Ubuntu Update for postgresql-8.4 vulnerability USN-1002-2
Ubuntu Update for Linux kernel vulnerabilities USN-1002-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN10022.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for postgresql-8.4 vulnerability USN-1002-2 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
Ubuntu Update for PostgreSQL vulnerability USN-1002-1
Ubuntu Update for Linux kernel vulnerabilities USN-1002-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10021.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for PostgreSQL vulnerability USN-1002-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...