1152 matches found

Amazon
added 2024/10/02 12:0 a.m. · 4 views

Important: libpq

Issue Overview: Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

8.8 CVSS · 7.8 AI score · 0.01565 EPSS
Exploits: 0

Rockylinux
added 2024/09/17 12:54 a.m. · 21 views

postgresql:12 security update

An update is available for pgaudit, postgresql, module.pgaudit, pgrepack, module.postgres-decoderbufs, module.pgrepack, postgres-decoderbufs, module.postgresql. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

8.8 CVSS · 9 AI score · 0.01565 EPSS
Exploits: 0

Positive Technologies
added 2024/09/09 12:0 a.m. · 2 views

PT-2024-32391 · Dataease +1 · Dataease +1

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.25 Description: DataEase is an open source data visualization analysis tool. The PostgreSQL data source function allows customization of JDBC connection parameters and the PG server target. However, the...

9.8 CVSS · 7.2 AI score · 0.00569 EPSS
Exploits: 0 · References: 10

Oracle linux
added 2024/08/30 12:0 a.m. · 30 views

postgresql:13 security update

pgaudit pgrepack postgres-decoderbufs postgresql 13.16-1 - Update to 13.16 - Fix CVE-2024-7348...

8.8 CVSS · 9 AI score · 0.01565 EPSS
Exploits: 0

Oracle linux
added 2024/08/30 12:0 a.m. · 31 views

postgresql:12 security update

pgaudit pgrepack postgres-decoderbufs postgresql 12.20-1 - Update to 12.20 - Fix CVE-2024-7348...

8.8 CVSS · 9 AI score · 0.01565 EPSS
Exploits: 0

Tenable Nessus
added 2024/08/30 12:0 a.m. · 17 views

Oracle Linux 8 : postgresql:15 (ELSA-2024-6001)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6001 advisory. pgaudit pgrepack postgres-decoderbufs postgresql 15.8-1 - Update to 15.8 - Fix CVE-2024-7348 Tenable has extracted the preceding description block...

8.8 CVSS · 6.7 AI score · 0.01565 EPSS
Exploits: 0 · References: 3

Tenable Nessus
added 2024/08/30 12:0 a.m. · 14 views

Oracle Linux 8 : postgresql:12 (ELSA-2024-6000)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-6000 advisory. pgaudit pgrepack postgres-decoderbufs postgresql 12.20-1 - Update to 12.20 - Fix CVE-2024-7348 Tenable has extracted the preceding description block directly fr...

8.8 CVSS · 7.2 AI score · 0.01565 EPSS
Exploits: 0 · References: 2

Oracle linux
added 2024/08/30 12:0 a.m. · 26 views

postgresql:15 security update

pgaudit 1.7.0-1 - Initial import for postgresql 15 module - Update to 1.7.0 - Support postgresql 15 - Related: 2128410 pgrepack postgres-decoderbufs 1.9.7-1.Final - Initial import for postgresql 15 stream - Related: 2128410 postgresql 15.8-1 - Update to 15.8 15.6-3 - Remove /var/run/postgresql -...

8.8 CVSS · 9.1 AI score · 0.04322 EPSS
Exploits: 0

Oracle linux
added 2024/08/30 12:0 a.m. · 31 views

postgresql:15 security update

pgaudit pgrepack postgres-decoderbufs postgresql 15.8-1 - Update to 15.8 - Fix CVE-2024-7348...

8.8 CVSS · 9 AI score · 0.01565 EPSS
Exploits: 0

Tenable Nessus
added 2024/08/30 12:0 a.m. · 27 views

Oracle Linux 8 : postgresql:13 (ELSA-2024-6018)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-6018 advisory. pgaudit pgrepack postgres-decoderbufs postgresql 13.16-1 - Update to 13.16 - Fix CVE-2024-7348 Tenable has extracted the preceding description block directly fr...

8.8 CVSS · 7.2 AI score · 0.01565 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2024/08/29 12:0 a.m. · 19 views

Oracle Linux 8 : postgresql:16 (ELSA-2024-5927)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-5927 advisory. pgaudit 16.0-1 - Update to 16.0 - Support postgresql 16 - Initial import for PG 16 module - Resolves: RHEL-3636 pgrepack postgres-decoderbufs...

8.8 CVSS · 6.7 AI score · 0.01565 EPSS
Exploits: 0 · References: 3

Oracle linux
added 2024/08/28 12:0 a.m. · 358 views

postgresql:16 security update

pgaudit 16.0-1 - Update to 16.0 - Support postgresql 16 - Initial import for PG 16 module - Resolves: RHEL-3636 pgrepack postgres-decoderbufs 2.4.0-1.Final - Initial import for postgresql 16 stream - Related: RHEL-3636 postgresql 16.4-1 - Update to 16.4 - Fix CVE-2024-7348...

8.8 CVSS · 7.5 AI score · 0.01565 EPSS
Exploits: 0

OSV
added 2024/08/08 1:15 p.m. · 2 views

UBUNTU-CVE-2024-7348

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

8.8 CVSS · 7.2 AI score · 0.01565 EPSS
Exploits: 0 · References: 7

IBM Security Bulletins
added 2024/07/31 9:22 a.m. · 54 views

Security Bulletin: Common vulnerabilities fixed in EDB Postgres Advanced Server (EPAS)

Summary: Common vulnerabilities fixed in EDB Postgres Advanced Server (EPAS). Vulnerability Details: CVEID: CVE-2023-41113 DESCRIPTION: EnterpriseDB Postgres Advanced Server could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the accesshistory function. By...

9.8 CVSS · 7.2 AI score · 0.00772 EPSS
Exploits: 0 · Affected Software: 3

Github Security Blog
added 2024/07/30 3:4 p.m. · 39 views

pREST vulnerable to jwt bypass + sql injection

Summary Probably jwt bypass + sql injection or what i'm doing wrong? PoC how to reproduce 1. Create following files: docker-compose.yml: services: postgres: image: postgres containername: postgrescontainermre environment: POSTGRESUSER: testuserpg POSTGRESPASSWORD: testpasspg POSTGRESDB: testdb...

8.3 AI score
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2024/07/05 7:27 p.m. · 28 views

CVE-2024-5753 Local File Read (LFI) by Prompt Injection via Postgres SQL in vanna-ai/vanna

vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as pg_read_file. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like /etc/passwd, by exploiting the exposed SQL...

7.5 CVSS · 0.00604 EPSS
Exploits: 0 · References: 1

vulnersOsv
added 2024/07/03 10:4 a.m. · 2 views

dagster-dbt (>=0.20.5 <=0.21.6), dbt-dremio (=1.7.0) +9 more potentially affected by CVE-2024-40637 via dbt-core (>=1.7.0 <=1.7.13)

dbt-core PYPI version =1.7.0, =0.20.5, =1.7.0, =0.0.2, =1.7.0, =0.0.4, =0.203.0.dev5, =0.0.1rc8, =0.4.2, =0.8.0 Source cves: CVE-2024-40637 Source advisory: SNYK:PYTHON-DBTCORE-7430282...

7.8 CVSS · 5.8 AI score · 0.00372 EPSS
Exploits: 1

OSV
added 2024/06/15 12:0 a.m. · 17 views

OPENSUSE-SU-2024:12872-1 prometheus-postgres_exporter-0.10.1-2.1 on GA media

These are all security issues fixed in the prometheus-postgres_exporter-0.10.1-2.1 package on the GA media of openSUSE Tumbleweed...

8.8 CVSS · 8.2 AI score · 0.01166 EPSS
Exploits: 1 · References: 1

IBM Security Bulletins
added 2024/06/14 3:19 p.m. · 59 views

Security Bulletin: EDB Postgres Advanced Server (EPAS)

Summary This security bulletin identifies a set of common vulnerabilities that have been addressed in EDB Postgres Advanced Server with IBM 15.4. Vulnerability Details CVEID:CVE-2023-41113 DESCRIPTION: EnterpriseDB Postgres Advanced Server could allow a remote authenticated attacker to obtain...

9.8 CVSS · 7.5 AI score · 0.00772 EPSS
Exploits: 0 · Affected Software: 2

Rockylinux
added 2024/06/14 1:59 p.m. · 17 views

new module: postgresql:16

An update is available for module.pgaudit, postgresql, pgaudit, module.pgrepack, module.postgres-decoderbufs, pgrepack, module.postgresql, postgres-decoderbufs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

6.8 AI score
Exploits: 0