562 matches found

Tenable Nessus
added 2025/02/20 12:0 a.m. | 9 views

RHEL 9 : postgresql (RHSA-2025:1726)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1726 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL quoting APIs miss neutralizing...

CVSS 8.1 | AI score 8 | EPSS 0.89472
Exploits 10 | References 4
The Hacker News
added 2025/02/14 5:3 a.m. | 32 views

PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability,...

CVSS 9.8 | AI score 9.5 | EPSS 0.95151
Exploits 16
Tenable Nessus
added 2025/02/14 12:0 a.m. | 6 views

Azure Linux 3.0 Security Update: postgresql (CVE-2024-4317)

The version of postgresql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4317 advisory. - Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged...

CVSS 4.3 | AI score 6.6 | EPSS 0.00722
Exploits 0 | References 2
OSV
added 2025/02/13 1:15 p.m. | 20 views

CVE-2025-1094

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...

CVSS 8.1 | AI score 8.5 | EPSS 0.89472
Exploits 10 | References 6
CNNVD
added 2025/02/13 12:0 a.m. | 4 views

PostgreSQL Security Vulnerability

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, etc. A security vulnerability exists in PostgreSQL. A security vulnerability...

CVSS 8.1 | AI score 8.4 | EPSS 0.89472
Exploits 10 | References 4
Positive Technologies
added 2025/02/12 12:0 a.m. | 60 views

PT-2025-6477

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 17.3; PostgreSQL versions prior to 16.7; PostgreSQL versions prior to 15.11; PostgreSQL versions prior to 14.16; PostgreSQL versions prior to 13.19. Description: The issue is related to improper neutralization of quoting...

CVSS 10 | AI score 8.4 | EPSS 0.89472
Exploits 16 | References 317
Tenable Nessus
added 2025/02/10 12:0 a.m. | 11 views

Azure Linux 3.0 Security Update: postgresql (CVE-2024-10976)

The version of postgresql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10976 advisory. - Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change...

CVSS 7.5 | AI score 6.5 | EPSS 0.01807
Exploits 0 | References 2
Tenable Nessus
added 2025/02/10 12:0 a.m. | 9 views

Azure Linux 3.0 Security Update: postgresql (CVE-2024-10977)

The version of postgresql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10977 advisory. - Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS...

CVSS 3.7 | AI score 6.7 | EPSS 0.0038
Exploits 0 | References 2
F5 Networks
added 2025/02/07 11:22 a.m. | 20 views

K000149707: PostgreSQL vulnerability CVE-2024-10976

Security Advisory Description: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a...

CVSS 5.4 | AI score 6.2 | EPSS 0.00786
Exploits 0
IBM Security Bulletins
added 2025/01/29 3:19 a.m. | 10 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10979

Summary: IBM Sterling Connect:Direct Web Service uses PostgreSQL. Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). Vulnerability Details: CVEID: CVE-2024-10979 DESCRIPTION: Incorrect...

CVSS 8.8 | AI score 7.1 | EPSS 0.04422
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2025/01/29 3:17 a.m. | 24 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10976

Summary: IBM Sterling Connect:Direct Web Service uses PostgreSQL. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. Vulnerability Details: CVEID: CVE-2024-10976 DESCRIPTION: Incomplete tracking in PostgreSQL of...

CVSS 5.4 | AI score 6.5 | EPSS 0.00786
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2025/01/29 3:15 a.m. | 10 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10977

Summary: IBM Sterling Connect:Direct Web Service uses PostgreSQL, which could provide weaker than expected security, caused by a flaw with retaining an error message from man-in-the-middle. A remote attacker could exploit this vulnerability to launch further attacks on the system. Vulnerability...

CVSS 3.7 | AI score 6.4 | EPSS 0.0038
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2025/01/29 3:14 a.m. | 7 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10978

Summary: IBM Sterling Connect:Direct Web Service uses PostgreSQL, which could allow a remote authenticated attacker to bypass security restrictions, caused by an incorrect privilege assignment. Vulnerability Details: CVEID: CVE-2024-10978 DESCRIPTION: PostgreSQL could allow a remote authenticated...

CVSS 4.2 | AI score 6.5 | EPSS 0.00705
Exploits 0 | Affected Software 1
Tenable Nessus
added 2025/01/24 12:0 a.m. | 40 views

Amazon Linux 2 : postgresql (ALAS-2025-2733)

The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2733 advisory. Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL...

CVSS 8.8 | AI score 7.8 | EPSS 0.01565
Exploits 0 | References 4
F5 Networks
added 2024/12/23 7:13 a.m. | 15 views

K000149092: PostgreSQL vulnerability CVE-2024-10978

Security Advisory Description: Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises wh...

CVSS 4.2 | AI score 6.3 | EPSS 0.00705
Exploits 0
Tenable Nessus
added 2024/12/23 12:0 a.m. | 29 views

Amazon Linux 2 : postgresql (ALASPOSTGRESQL13-2024-008)

The version of postgresql installed on the remote host is prior to 13.17-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL13-2024-008 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change...

CVSS 8.8 | AI score 7.3 | EPSS 0.04422
Exploits 1 | References 10
Tenable Nessus
added 2024/12/23 12:0 a.m. | 14 views

Oracle Linux 7 : postgresql (ELSA-2024-10882)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-10882 advisory. - Fixes CVE-2024-10979 where environment variable mutations Orabug: 37370704 Tenable has extracted the preceding description block directly from the Oracle Lin...

CVSS 8.8 | AI score 8 | EPSS 0.04422
Exploits 1 | References 2
OSV
added 2024/12/12 3:31 p.m. | 13 views

GHSA-787V-V9VQ-4RGV Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access

Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and...

CVSS 7.1 | AI score 6.7 | EPSS 0.02562
Exploits 0 | References 4
Redos
added 2024/12/11 12:0 a.m. | 237 views

ROS-20241211-06

CREATE POLICY row-protected table security policy vulnerability in the PostgreSQL database management system PostgreSQL is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...

CVSS 8.8 | AI score 8.6 | EPSS 0.04422
Exploits 1
Tenable Nessus
added 2024/12/05 12:0 a.m. | 9 views

RHEL 9 : postgresql:15 (RHSA-2024:10807)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10807 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL PL/Perl environment variable...

CVSS 8.8 | AI score 8.5 | EPSS 0.04422
Exploits 1 | References 4