PT-2024-23849
Name of the Vulnerable Software and Affected Versions: Saleor versions 3.10.0 through 3.14.63; Saleor versions 3.15.0 through 3.15.38; Saleor versions 3.16.0 through 3.16.38; Saleor versions 3.17.0 through 3.17.34; Saleor versions 3.18.0 through 3.18.30; Saleor versions 3.19.0 through 3.19.18. Descripti...
CVE-2023-52634
Summary (CVE-2023-52634): In the Linux kernel, the DRM/AMD display driver had a logic issue in the disable_otg_wa path that could cause a system hang during HDMI mode switches due to simultaneous FIFO/HPO state changes. The root cause was that enabling/disabling FIFO could affect multiple regist...
CVE-2023-52634 drm/amd/display: Fix disable_otg_wa logic
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix disable_otg_wa logic. Why: When switching to another HDMI mode, we are unnecessarily disabling/enabling FIFO causing both HPO and DIG registers to be set at the same time when only HPO is supposed to be set. This...
PT-2024-13462 · Itop +1
Name of the Vulnerable Software and Affected Versions: iTop versions prior to 3.0.4; iTop versions prior to 3.1.1. Description: iTop is an IT service management platform. When dashlets are refreshed, XSS attacks are possible. Recommendations: For versions prior to 3.0.4, update to version 3.0.4 or...
New ZenHammer Attack Bypasses Rowhammer Defenses on AMD CPUs
Cybersecurity researchers from ETH Zurich have developed a new variant of the RowHammer DRAM (dynamic random-access memory) attack that, for the first time, successfully works against AMD Zen 2 and Zen 3 systems despite mitigations such as Target Row Refresh (TRR). "This result proves that AMD system...
CLSA-2024-1711492417 Fix CVE(s): CVE-2024-0985
SECURITY UPDATE: Execution of arbitrary SQL functions as the command issuer because of late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY - debian/patches/CVE-2024-0985.patch: run REFRESH MATERIALIZED VIEW CONCURRENTLY in right security context - CVE-2024-0985...
postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL
A flaw was found in PostgreSQL. A late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL can allow an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling a safe refre...
RHEL 8 : postgresql (RHSA-2024:1437)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1437 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW...
RHEL 8 : postgresql (RHSA-2024:1428)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1428 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW...
Important: Red Hat Security Advisory: postgresql:10 security update
An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...
RHEL 8 : postgresql:10 (RHSA-2024:1348)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1348 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW...
postgresql:13 security update
An update is available for postgres-decoderbufs, postgresql, pgrepack, module.postgresql, module.postgres-decoderbufs, pgaudit, module.pgrepack, module.pgaudit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
USN-6656-2 postgresql-9.5 vulnerability
USN-6656-1 fixed several vulnerabilities in PostgreSQL. This update provides the corresponding updates for Ubuntu 16.04 LTS. Original advisory details: It was discovered that PostgreSQL incorrectly handled dropping privileges when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user...
Rocky Linux 8 : postgresql:15 (RLSA-2024:0973)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:0973 advisory. - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer...