Debian dsa-5812 : libecpg-compat3 - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5812 advisory. Debian Security Advisory DSA-5812-1 [email protected] https://www.debian.org/securit...
Debian: Security Advisory (DLA-3954-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian: Security Advisory (DSA-5812-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] [DLA 3954-1] postgresql-13 security update
Debian LTS Advisory DLA-3954-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón November 16, 2024 https://wiki.debian.org/LTS Package : postgresql-13 Version : 13.17-0+deb11u1 CVE ID : CVE-2024-10976 CVE-2024-10977 CVE-2024-10978 CVE-2024-10979 Multiple...
BIT-POSTGRESQL-2024-10976 PostgreSQL row security below e.g. subqueries disregards user ID changes
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
BIT-POSTGRESQL-2024-10977 PostgreSQL libpq retains an error message from man-in-the-middle
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...
BIT-POSTGRESQL-2024-10978 PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...
BIT-POSTGRESQL-2024-10979 PostgreSQL PL/Perl environment variable changes execute arbitrary code
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions...
DLA-3954-1 postgresql-13 - security update
Bulletin has no description...
Debian dla-3954 : libecpg-compat3 - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-3954 advisory. Debian LTS Advisory DLA-3954-2 [email protected] https://www.debian.org/lts/security/...
postgresql13-13.17-1.1 on GA media (moderate)
postgresql13-13.17-1.1 on GA media Announcement ID: openSUSE-SU-2024:14502-1 Rating: moderate Cross-References: CVE-2024-10976 CVE-2024-10977 CVE-2024-10978 CVE-2024-10979 CVSS scores: CVE-2024-10976 SUSE : 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2024-10977 SUSE : 3.1...
postgresql16-16.5-1.1 on GA media (moderate)
postgresql16-16.5-1.1 on GA media Announcement ID: openSUSE-SU-2024:14505-1 Rating: moderate Cross-References: CVE-2024-10976 CVE-2024-10977 CVE-2024-10978 CVE-2024-10979 CVSS scores: CVE-2024-10976 SUSE : 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2024-10977 SUSE : 3.1...
[SECURITY] [DSA 5812-1] postgresql-15 security update
Debian Security Advisory DSA-5812-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 15, 2024 https://www.debian.org/security/faq...
8.8 Rated PostgreSQL Vulnerability Puts Databases at Risk
Cybersecurity researchers at Varonis have identified a serious security vulnerability in PostgreSQL that could lead to data breaches…...
High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables
Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure. The vulnerability, tracked as CVE-2024-10979,...
SUSE CVE-2024-10976
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
SUSE CVE-2024-10977
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...
SUSE CVE-2024-10978
Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...
SUSE CVE-2024-10979
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions...
DSA-5812-1 postgresql-15 - security update
Bulletin has no description...