Lucene search
K

256 matches found

Tenable Nessus
Tenable Nessus
added 2024/12/23 12:0 a.m.17 views

Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2024-014)

The version of postgresql installed on the remote host is prior to 14.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL14-2024-014 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change...

8.8CVSS7.3AI score0.04422EPSS
Exploits1References10
OSV
OSV
added 2024/12/19 4:18 a.m.24 views

RLSA-2024:10831 Important: postgresql:16 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10979 postgresq...

8.8CVSS8.2AI score0.04422EPSS
Exploits1References4
Amazon
Amazon
added 2024/12/19 12:0 a.m.4 views

Important: libpq

Issue Overview: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query...

8.8CVSS7.2AI score0.04422EPSS
Exploits1
Amazon
Amazon
added 2024/12/19 12:0 a.m.4 views

Important: postgresql

Issue Overview: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query...

8.8CVSS7.2AI score0.04422EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/12/19 12:0 a.m.12 views

RockyLinux 9 : postgresql:16 (RLSA-2024:10788)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:10788 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable...

8.8CVSS7.6AI score0.04422EPSS
Exploits1References7
Amazon
Amazon
added 2024/12/12 12:0 a.m.11 views

Important: postgresql16

Issue Overview: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query...

8.8CVSS7.1AI score0.04422EPSS
Exploits1
Amazon
Amazon
added 2024/12/12 12:0 a.m.5 views

Important: postgresql16

Issue Overview: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query...

8.8CVSS8.8AI score0.04422EPSS
Exploits1
Amazon
Amazon
added 2024/12/12 12:0 a.m.14 views

Important: postgresql15

Issue Overview: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query...

8.8CVSS8.8AI score0.04422EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.24 views

Amazon Linux 2023 : postgresql16, postgresql16-contrib, postgresql16-llvmjit (ALAS2023-2024-786)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-786 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction...

8.8CVSS7.2AI score0.04422EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.21 views

Amazon Linux 2023 : postgresql15, postgresql15-contrib, postgresql15-llvmjit (ALAS2023-2024-787)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-787 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction...

8.8CVSS7.2AI score0.04422EPSS
Exploits1References10
OSV
OSV
added 2024/12/05 12:0 a.m.21 views

ALSA-2024:10830 Important: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10979 postgresq...

8.8CVSS8.2AI score0.04422EPSS
Exploits1References8
OSV
OSV
added 2024/12/05 12:0 a.m.20 views

ALSA-2024:10832 Important: postgresql:13 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10979 postgresq...

8.8CVSS8.2AI score0.04422EPSS
Exploits1References8
AlmaLinux
AlmaLinux
added 2024/12/05 12:0 a.m.14 views

Important: postgresql:16 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10979 postgresq...

8.8CVSS8AI score0.04422EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2024/12/05 12:0 a.m.12 views

AlmaLinux 9 : postgresql:15 (ALSA-2024:10787)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:10787 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable...

8.8CVSS7.6AI score0.04422EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2024/12/05 12:0 a.m.18 views

AlmaLinux 8 : postgresql:13 (ALSA-2024:10832)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:10832 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable...

8.8CVSS7.5AI score0.04422EPSS
Exploits1References5
AlmaLinux
AlmaLinux
added 2024/12/04 12:0 a.m.17 views

Important: postgresql:16 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10979 postgresq...

8.8CVSS7.4AI score0.04422EPSS
Exploits1References8
AlmaLinux
AlmaLinux
added 2024/12/04 12:0 a.m.33 views

Important: postgresql security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10979 postgresq...

8.8CVSS7.4AI score0.04422EPSS
Exploits1References8
AlmaLinux
AlmaLinux
added 2024/12/04 12:0 a.m.22 views

Important: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10979 postgresq...

8.8CVSS8AI score0.04422EPSS
Exploits1References8
OSV
OSV
added 2024/12/02 12:30 p.m.3 views

USN-7132-1 postgresql-12, postgresql-14, postgresql-16 vulnerabilities

It was discovered that PostgreSQL incorrectly tracked tables with row security. A remote attacker could possibly use this issue to perform forbidden reads and modifications. CVE-2024-10976 Jacob Champion discovered that PostgreSQL clients used untrusted server error messages. An attacker that is...

8.8CVSS6.7AI score0.04422EPSS
Exploits1References5
Mageia
Mageia
added 2024/11/27 7:59 p.m.26 views

Updated postgresql15 & postgresql13 packages fix security vulnerabilities

PostgreSQL row security below e.g. subqueries disregards user ID changes. CVE-2024-10976 PostgreSQL libpq retains an error message from man-in-the-middle. CVE-2024-10977 PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID. CVE-2024-10978 PostgreSQL PL/Perl environment variable...

8.8CVSS8AI score0.04422EPSS
Exploits1References3
Rows per page
Query Builder