13314 matches found
postgresql:15 security update
An update is available for pgaudit, postgresql, module.pgaudit, pgrepack, module.postgres-decoderbufs, module.pgrepack, postgres-decoderbufs, module.postgresql. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
postgresql:16 security update
An update is available for pgaudit, postgresql, module.pgaudit, pgrepack, module.postgres-decoderbufs, module.pgrepack, postgres-decoderbufs, module.postgresql. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
RLSA-2024:10832 Important: postgresql:13 security update
PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID (CVE-2024-10978) postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code (CVE-2024-10979) postgresq...
RLSA-2024:10785 Important: postgresql:12 security update
PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID (CVE-2024-10978) postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code (CVE-2024-10979) postgresq...
RockyLinux 8 : postgresql:15 (RLSA-2024:10830)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:10830 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID (CVE-2024-10978) postgresql: PostgreSQL PL/Perl environment variable...
RockyLinux 9 : postgresql:15 (RLSA-2024:10787)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:10787 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID (CVE-2024-10978) postgresql: PostgreSQL PL/Perl environment variable...
RockyLinux 9 : postgresql:16 (RLSA-2024:10788)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:10788 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID (CVE-2024-10978) postgresql: PostgreSQL PL/Perl environment variable...
RockyLinux 8 : postgresql:16 (RLSA-2024:10831)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:10831 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID (CVE-2024-10978) postgresql: PostgreSQL PL/Perl environment variable...
RockyLinux 8 : postgresql:13 (RLSA-2024:10832)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:10832 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID (CVE-2024-10978) postgresql: PostgreSQL PL/Perl environment variable...
RockyLinux 8 : postgresql:12 (RLSA-2024:10785)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:10785 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID (CVE-2024-10978) postgresql: PostgreSQL PL/Perl environment variable...
Important: libpq
Issue Overview: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query...
CVE-2024-56142
pghoard is a PostgreSQL backup daemon and restore tooling that stores backup data in cloud object stores. A vulnerability has been discovered that could allow an attacker to acquire disk access with privileges equivalent to those of pghoard, allowing for unintended path traversal. Depending on th...
CVE-2024-56142 Path Traversal in pghoard
pghoard is a PostgreSQL backup daemon and restore tooling that stores backup data in cloud object stores. A vulnerability has been discovered that could allow an attacker to acquire disk access with privileges equivalent to those of pghoard, allowing for unintended path traversal. Depending on th...
CVE-2024-56142
The CVE-2024-56142 issue affects pghoard, a PostgreSQL backup/restore daemon that stores backups in cloud object stores. It describes a path traversal vulnerability that could allow an attacker to obtain disk access with privileges equivalent to pghoard, potentially leading to disclosure of sensi...
CVE-2024-12356
creationtimestamp | type | source
---|---|---
2024-12-17 04:32:23+00:00 | seen | https://infosec.exchange/users/cve/statuses/113666290051812274
2024-12-17 06:44:55+00:00 | seen | https://t.me/cvedetector/13067
2024-12-17 06:47:32+00:00 | seen |...
PGHoard Path Traversal Vulnerability
PGHoard is a PostgreSQL backup daemon and restore tool from Aiven Open Source. It is used to store backup data in cloud object storage. A path traversal vulnerability exists in PGHoard 2.2.2a and earlier versions, which stems from a vulnerability that allows an attacker to gain disk access with t...
CLSA-2024-1734372021 postgresql: Fix of CVE-2024-10979
CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables...
postgresql security update
9.2.24-9.0.1 - Backport fix for CVE-2023-7348 Orabug: 37220738 - Adds restriction on non-system views...
PT-2024-10058
Name of the Vulnerable Software and Affected Versions: BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions prior to 24.3.1; PostgreSQL (affected versions not specified). Description: A critical command injection vulnerability exists in BeyondTrust Privileged Remote Access (PRA) and...
Oracle Linux 7 : postgresql (ELSA-2024-8495)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-8495 advisory. - Backport fix for CVE-2023-7348 Orabug: 37220738 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...