562 matches found
RHEL 9 : postgresql (RHSA-2025:1726)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1726 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL quoting APIs miss neutralizing...
PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks
Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access PRA and Remote Support RS products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability,...
Azure Linux 3.0 Security Update: postgresql (CVE-2024-4317)
The version of postgresql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4317 advisory. - Missing authorization in PostgreSQL built-in views pgstatsext and pgstatsextexprs allows an unprivileged...
CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...
PostgreSQL 安全漏洞
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, etc. A security vulnerability exists in PostgreSQL. A security vulnerability...
PT-2025-6477
Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 17.3 PostgreSQL versions prior to 16.7 PostgreSQL versions prior to 15.11 PostgreSQL versions prior to 14.16 PostgreSQL versions prior to 13.19 Description The issue is related to improper neutralization of quoting...
Azure Linux 3.0 Security Update: postgresql (CVE-2024-10976)
The version of postgresql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10976 advisory. - Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change...
Azure Linux 3.0 Security Update: postgresql (CVE-2024-10977)
The version of postgresql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10977 advisory. - Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS...
K000149707: PostgreSQL vulnerability CVE-2024-10976
Security Advisory Description Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10979
Summary IBM Sterling Connect:Direct Web Service uses PostgreSQL, Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. Vulnerability Details CVEID:CVE-2024-10979 DESCRIPTION: Incorrect...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10976
Summary IBM Sterling Connect:Direct Web Service uses PostgreSQL, Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. Vulnerability Details CVEID:CVE-2024-10976 DESCRIPTION: Incomplete tracking in PostgreSQL of...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10977
Summary IBM Sterling Connect:Direct Web Service uses PostgreSQL, which could provide weaker than expected security, caused by a flaw with retaining an error message from man-in-the-middle. A remote attacker could exploit this vulnerability to launch further attacks on the system. Vulnerability...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10978
Summary IBM Sterling Connect:Direct Web Service uses PostgreSQL, which could allow a remote authenticated attacker to bypass security restrictions, caused by an incorrect privilege assignment Vulnerability Details CVEID:CVE-2024-10978 DESCRIPTION: PostgreSQL could allow a remote authenticated...
Amazon Linux 2 : postgresql (ALAS-2025-2733)
The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2733 advisory. Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL...
K000149092: PostgreSQL vulnerability CVE-2024-10978
Security Advisory Description Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises wh...
Amazon Linux 2 : postgresql (ALASPOSTGRESQL13-2024-008)
The version of postgresql installed on the remote host is prior to 13.17-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL13-2024-008 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change...
Oracle Linux 7 : postgresql (ELSA-2024-10882)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-10882 advisory. - Fixes CVE-2024-10979 where environment variable mutations Orabug: 37370704 Tenable has extracted the preceding description block directly from the Oracle Lin...
GHSA-787V-V9VQ-4RGV Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access
Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and...
ROS-20241211-06
CREATE POLICY row-protected table security policy vulnerability in the PostgreSQL database management system PostgreSQL is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...
RHEL 9 : postgresql:15 (RHSA-2024:10807)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10807 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL PL/Perl environment variable...