CVE-2024-42450
CVE-2024-42450 affects Versa Networks Versa Director, where the Postgres database is configured by default to listen on all network interfaces and uses a common password across installations, creating an unauthenticated access risk to the database and potential filesystem reads for privilege esca...
postgresql bug fix and enhancement update
An update is available for postgresql. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9...
SUSE-SU-2024:4019-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: golang-github-lusitaniae-apacheexporter was updated from version 1.0.1 to 1.0.8: - Security issues fixed: CVE-2023-3978: Fixed security bug in x/net dependency in version 1.0.2 bsc1213933 - Bugs fixed: Require Go 1.20 when building for RedHat derivatives...
CVE-2024-10979
A flaw was found in PostgreSQL PL/Perl. This vulnerability allows an unprivileged database user to change sensitive process environment variables (e.g., PATH) via incorrect control of environment variables. Mitigation: Currently the following options exist to help mitigate the impact of this...
CVE-2024-10977
A flaw was found in PostgreSQL's error message handling. This vulnerability allows a man-in-the-middle attacker to inject arbitrary non-NUL bytes into the libpq application via a server error message. Mitigation: Make sure PostgreSQL is configured to use trusted SSL or GSS settings to prevent...
CVE-2024-10976
A flaw was found in PostgreSQL. This vulnerability allows incorrect row-level security policies to be applied via subqueries, WITH queries, security invoker views, or SQL-language functions that reference tables with row-level security policies. This issue arises when a query is planned under one...
Debian dsa-5812 : libecpg-compat3 - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5812 advisory. Debian Security Advisory DSA-5812-1 [email protected] https://www.debian.org/securit...
Debian: Security Advisory (DLA-3954-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-5812-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3954-1] postgresql-13 security update
Debian LTS Advisory DLA-3954-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón November 16, 2024 https://wiki.debian.org/LTS Package : postgresql-13 Version : 13.17-0+deb11u1 CVE ID : CVE-2024-10976 CVE-2024-10977 CVE-2024-10978 CVE-2024-10979 Multiple...
BIT-POSTGRESQL-2024-10976 PostgreSQL row security below e.g. subqueries disregards user ID changes
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
BIT-POSTGRESQL-2024-10977 PostgreSQL libpq retains an error message from man-in-the-middle
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...
BIT-POSTGRESQL-2024-10978 PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...
BIT-POSTGRESQL-2024-10979 PostgreSQL PL/Perl environment variable changes execute arbitrary code
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions...
postgresql13-13.17-1.1 on GA media (moderate)
postgresql13-13.17-1.1 on GA media Announcement ID: openSUSE-SU-2024:14502-1 Rating: moderate Cross-References: CVE-2024-10976 CVE-2024-10977 CVE-2024-10978 CVE-2024-10979 CVSS scores: CVE-2024-10976 SUSE : 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2024-10977 SUSE : 3.1...
postgresql16-16.5-1.1 on GA media (moderate)
postgresql16-16.5-1.1 on GA media Announcement ID: openSUSE-SU-2024:14505-1 Rating: moderate Cross-References: CVE-2024-10976 CVE-2024-10977 CVE-2024-10978 CVE-2024-10979 CVSS scores: CVE-2024-10976 SUSE : 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2024-10977 SUSE : 3.1...
Debian dla-3954 : libecpg-compat3 - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-3954 advisory. Debian LTS Advisory DLA-3954-2 [email protected] https://www.debian.org/lts/security/...
DLA-3954-1 postgresql-13 - security update
Bulletin has no description...
[SECURITY] [DSA 5812-1] postgresql-15 security update
Debian Security Advisory DSA-5812-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 15, 2024 https://www.debian.org/security/faq...
8.8 Rated PostgreSQL Vulnerability Puts Databases at Risk
Cybersecurity researchers at Varonis have identified a serious security vulnerability in PostgreSQL that could lead to data breaches…...