13317 matches found
PGHoard Path Traversal Vulnerability
PGHoard is a PostgreSQL backup daemon and restore tool from Aiven Open Source. It is used to store backup data in cloud object storage. A path traversal vulnerability exists in PGHoard 2.2.2a and earlier versions, which stems from a vulnerability that allows an attacker to gain disk access with t...
CLSA-2024-1734372021 postgresql: Fix of CVE-2024-10979
CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables...
PT-2024-10058
Name of the Vulnerable Software and Affected Versions: BeyondTrust Privileged Remote Access PRA and Remote Support RS versions prior to 24.3.1; PostgreSQL (affected versions not specified). Description: A critical command injection vulnerability exists in BeyondTrust Privileged Remote Access PRA and...
postgresql security update
9.2.24-9.0.1 - Backport fix for CVE-2023-7348 Orabug: 37220738 - Adds restriction on non-system views...
Oracle Linux 7 : postgresql (ELSA-2024-8495)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-8495 advisory. - Backport fix for CVE-2023-7348 Orabug: 37220738 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
GHSA-787V-V9VQ-4RGV Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access
Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and...
Important: postgresql15
Issue Overview: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql, postgresql16, postgresql17 (SUSE-SU-2024:4173-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4173-1 advisory. This update ships postgresql17, and fixes security issues with postgresql16: - bsc1230423: Rela...
SUSE SLES15: postgresql14 / postgresql14-contrib / postgresql14-devel / etc (SUSE-SU-2024:4118-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4118-1 advisory. - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level...
SUSE SLES12: postgresql14 / postgresql14-contrib / postgresql14-docs / etc (SUSE-SU-2024:4096-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4096-1 advisory. - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc123332...
SUSE SLES15 / openSUSE 15 Security Update : postgresql12 (SUSE-SU-2024:4099-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4099-1 advisory. - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level...
SUSE SLES12: libecpg6 / libecpg6-32bit / libpq5 / libpq5-32bit / postgresql / etc (SUSE-SU-2024:4052-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4052-1 advisory. This update ships postgresql17, and fixes security issues with postgresql16: - bsc1230423: Relax the dependency of extensions on the server...
SUSE SLES15: postgresql13 / postgresql13-contrib / postgresql13-devel / etc (SUSE-SU-2024:4175-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4175-1 advisory. - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level...
SUSE SLED15: postgresql15 / postgresql15-contrib / postgresql15-devel / etc (SUSE-SU-2024:4174-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4174-1 advisory. - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS appli...
Amazon Linux 2023 : postgresql15, postgresql15-contrib, postgresql15-llvmjit (ALAS2023-2024-787)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-787 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction...
Amazon Linux 2023 : postgresql16, postgresql16-contrib, postgresql16-llvmjit (ALAS2023-2024-786)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-786 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction...
Oracle Linux 9 : postgresql (ELSA-2024-10791)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-10791 advisory. 13.18-1 - Update to 13.18 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...
ROS-20241211-03
CREATE POLICY row-protected table security policy vulnerability in the PostgreSQL database management system PostgreSQL is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...
ROS-20241211-04
CREATE POLICY row-protected table security policy vulnerability in the PostgreSQL database management system PostgreSQL is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...
ROS-20241211-02
CREATE POLICY row-protected table security policy vulnerability in the PostgreSQL database management system PostgreSQL is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...