
13317 matches found

Redos
added 2024/12/11 12:0 a.m., 237 views

ROS-20241211-05

A vulnerability in the CREATE POLICY row security policies for protected tables in the PostgreSQL database management system is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands by reusin...

8.8 CVSS, 8.6 AI score, 0.04422 EPSS
Exploits: 1

Tenable Nessus
added 2024/12/11 12:0 a.m., 10 views

Oracle Linux 9 : postgresql (ELSA-2024-10791)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-10791 advisory. 13.18-1 - Update to 13.18 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...

8.8 CVSS, 7.1 AI score, 0.04422 EPSS
Exploits: 1, References: 4

Tenable Nessus
added 2024/12/11 12:0 a.m., 19 views

Amazon Linux 2023 : postgresql15, postgresql15-contrib, postgresql15-llvmjit (ALAS2023-2024-787)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-787 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction...

8.8 CVSS, 7.2 AI score, 0.04422 EPSS
Exploits: 1, References: 10

Tenable Nessus
added 2024/12/11 12:0 a.m., 21 views

Amazon Linux 2023 : postgresql16, postgresql16-contrib, postgresql16-llvmjit (ALAS2023-2024-786)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-786 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction...

8.8 CVSS, 7.2 AI score, 0.04422 EPSS
Exploits: 1, References: 10

OSV
added 2024/12/10 10:5 a.m., 6 views

RHSA-2024:10882 Red Hat Security Advisory: postgresql security update

Bulletin has no description...

8.8 CVSS, 9.1 AI score, 0.04422 EPSS
Exploits: 1, References: 8

OSV
added 2024/12/10 10:5 a.m., 12 views

RHSA-2024:10879 Red Hat Security Advisory: postgresql:13 security update

Bulletin has no description...

8.8 CVSS, 9.1 AI score, 0.04422 EPSS
Exploits: 1, References: 8

Veeam
added 2024/12/10 12:0 a.m., 339 views

Upgrade to Veeam Backup & Replication 12.3 Fails During "Step 1 of 7: Installing PostgreSQL server 15.10-1..."

Article Applicability: The issue described in this article only occurred when using the initial Veeam Backup & Replication 12.3 ISO named VeeamBackup&Replication12.3.0.31020241201.iso. On 2024-12-16, a new ISO VeeamBackup&Replication12.3.0.31020241211.iso was made available, which contains a check...

6.5 AI score
Exploits: 0, Affected Software: 1

Oracle linux
added 2024/12/10 12:0 a.m., 29 views

postgresql security update

13.18-1 - Update to 13.18...

8.8 CVSS, 7.2 AI score, 0.04422 EPSS
Exploits: 1

OSV
added 2024/12/09 3:31 p.m., 7 views

GHSA-92QF-8GH3-GWCM Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887...

9.8 CVSS, 6.9 AI score, 0.0079 EPSS
Exploits: 0, References: 4

Github Security Blog
added 2024/12/09 3:31 p.m., 17 views

Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887...

9.8 CVSS, 7.3 AI score, 0.0079 EPSS
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2024/12/09 2:15 p.m., 20 views

CVE-2024-53947

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887...

9.8 CVSS, 0.0079 EPSS
Exploits: 0, References: 1

Cvelist
added 2024/12/09 1:35 p.m., 17 views

CVE-2024-53947 Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887...

2.3 CVSS, 0.0079 EPSS
Exploits: 0, References: 1

CVE
added 2024/12/09 1:35 p.m., 2909 views

CVE-2024-53947

CVE-2024-53947 : Apache Superset is affected by an SQL Injection vulnerability due to improper neutralization of certain engine-specific functions, allowing bypass of SQL authorization. The issue affects versions

9.8 CVSS, 7 AI score, 0.0079 EPSS
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2024/12/09 1:35 p.m., 12 views

CVE-2024-53947 Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887...

2.3 CVSS, 7.3 AI score, 0.0079 EPSS
Exploits: 0, References: 1

RedHat Linux
added 2024/12/09 9:42 a.m., 6 views

postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code

A flaw was found in PostgreSQL PL/Perl. This vulnerability allows an unprivileged database user to change sensitive process environment variables (e.g., PATH) via incorrect control of environment variables...

8.8 CVSS, 7.3 AI score, 0.04422 EPSS
Exploits: 1, References: 5

RedHat Linux
added 2024/12/09 9:42 a.m., 24 views

Important: Red Hat Security Advisory: postgresql security update

An update for postgresql is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

8.8 CVSS, 7.7 AI score, 0.04422 EPSS
Exploits: 1, References: 2

RedHat Linux
added 2024/12/09 9:29 a.m., 1 views

postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code

A flaw was found in PostgreSQL PL/Perl. This vulnerability allows an unprivileged database user to change sensitive process environment variables (e.g., PATH) via incorrect control of environment variables...

8.8 CVSS, 7.3 AI score, 0.04422 EPSS
Exploits: 1, References: 5

RedHat Linux
added 2024/12/09 9:29 a.m., 15 views

Important: Red Hat Security Advisory: postgresql:13 security update

An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...

8.8 CVSS, 7.5 AI score, 0.04422 EPSS
Exploits: 1, References: 2

Tenable Nessus
added 2024/12/09 12:0 a.m., 10 views

RHEL 9 : postgresql:13 (RHSA-2024:10879)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10879 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL PL/Perl environment variable...

8.8 CVSS, 8.2 AI score, 0.04422 EPSS
Exploits: 1, References: 4

Oracle linux
added 2024/12/09 12:0 a.m., 18 views

ruby:2.5 security update

ruby 2.5.9-113.0.1 - Fix REXML ReDoS vulnerability CVE-2024-49761. rubygem-abrt 0.3.0-4 - Execute test suite unconditionally. - Upload correct sources. rubygem-bson rubygem-bundler rubygem-mongo 2.5.1-2 - Disable tests to fix FTBFS by dropped MongoDB module. Resolves: rhbz1710863 rubygem-mysql2...

6.6 CVSS, 6.9 AI score, 0.01429 EPSS
Exploits: 0