74 matches found
JLSEC-2026-37
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or no...
MiracleLinux 8 : postgresql:12 (AXSA:2022-3790:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3790:01 advisory. postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox CVE-2022-1552 Tenable has extracted the preceding description block...
EUVD-2024-17447
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-1713
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum...
CVE-2024-1713
A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum...
CVE-2024-1713
A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum...
CVE-2024-1713
A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum...
CVE-2024-1713
A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum...
UBUNTU-CVE-2024-1713
A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum...
CVE-2024-1713 Plv8 Deferred Trigger Privilege Escalation
A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum...
CVE-2024-1713
Summary of CVE-2024-1713 (Plv8 Deferred Trigger Privilege Escalation): Affects plv8 version 3.2.1. If a user can create objects in a database, they can cause deferred triggers to execute as the Superuser during autovacuum. This is a privilege-escalation scenario with impact on confidentiality, int...
CVE-2024-1713 Plv8 Deferred Trigger Privilege Escalation
A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum...
PT-2024-18244 · Plv8 · Plv8
Name of the Vulnerable Software and Affected Versions: plv8 version 3.2.1 Description: A user who can create objects in a database with plv8 installed is able to cause deferred triggers to execute as the Superuser during autovacuum. Recommendations: For plv8 version 3.2.1, consider restricting...
Plv8 Code Issues Vulnerabilities
Plv8 is a shared library that provides the PostgreSQL procedural language supported by the V8 JavaScript engine. A security vulnerability exists in Plv8 version 3.2.1, which originates from the ability of a user who creates objects in the database to execute delayed triggers as a superuser during...
Important: postgresql
Issue Overview: Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have not confirm...
postgresql: Role pg_signal_backend can signal certain superuser processes.
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...
postgresql: Role pg_signal_backend can signal certain superuser processes.
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...
postgresql: Role pg_signal_backend can signal certain superuser processes.
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...
CVE-2023-5870
Summary (CVE-2023-5870): PostgreSQL vulnerability where the pg_cancel_backend role can signal background workers (including the autovacuum launcher and logical replication launcher). The underlying issue is that signaling is possible for non-core extensions with less-resilient background workers...
postgresql: Role pg_signal_backend can signal certain superuser processes.
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...