Ubuntu: Security Advisory (USN-7132-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code

A flaw was found in PostgreSQL PL/Perl. This vulnerability allows an unprivileged database user to change sensitive process environment variables e.g., PATH via incorrect control of environment variables...

kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider

A flaw was found in Apache Kafka Clients. Apache Kafka Clients accepts configuration data for customizing behavior and includes ConfigProvider plugins to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider...

postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code

A flaw was found in PostgreSQL PL/Perl. This vulnerability allows an unprivileged database user to change sensitive process environment variables e.g., PATH via incorrect control of environment variables...

USN-7132-1 postgresql-12, postgresql-14, postgresql-16 vulnerabilities

It was discovered that PostgreSQL incorrectly tracked tables with row security. A remote attacker could possibly use this issue to perform forbidden reads and modifications. CVE-2024-10976 Jacob Champion discovered that PostgreSQL clients used untrusted server error messages. An attacker that is...

postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code

A flaw was found in PostgreSQL PL/Perl. This vulnerability allows an unprivileged database user to change sensitive process environment variables e.g., PATH via incorrect control of environment variables...

SUSE-SU-2024:4118-1 Security update for postgresql14

This update for postgresql14 fixes the following issues: - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. - CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol...

Security update for postgresql13

This update for postgresql13 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

Sensitive Information Disclosure

Apache Airflow is vulnerable to Sensitive Information Disclosure. The vulnerability is due to insufficient masking of sensitive configuration variables in task logs, allowing DAG authors to log such variables unintentionally or intentionally, potentially exposing them to unauthorized users...

Security update for postgresql12

This update for postgresql12 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

SUSE-SU-2024:4097-1 Security update for postgresql12

This update for postgresql12 fixes the following issues: - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. - CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol...

Security update for postgresql14

This update for postgresql14 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

SUSE-SU-2024:4096-1 Security update for postgresql14

This update for postgresql14 fixes the following issues: - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. - CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol...

Security update for postgresql15

This update for postgresql15 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

SUSE-SU-2024:4095-1 Security update for postgresql15

This update for postgresql15 fixes the following issues: - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. - CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol...

CVE-2024-53859

go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security vulnerability has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. go-gh sources authentication tokens...

CVE-2024-53858 Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli

The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...

CVE-2024-53859 go-gh `auth.TokenForHost` violates GitHub host security boundary within a codespace

go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security vulnerability has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. go-gh sources authentication tokens...

CVE-2017-13319

In pvmp3getmaindatasize of pvmp3getmaindatasize.cpp, there is a possible buffer overread due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2017-13319

In pvmp3getmaindatasize of pvmp3getmaindatasize.cpp, there is a possible buffer overread due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. User interaction is not needed for exploitation...