13311 matches found

OpenVAS
added 2024/11/15 12:0 a.m. | 11 views

PostgreSQL Multiple Vulnerabilities (Nov 2024) - Windows

PostgreSQL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postgresql:postgresql";...

CVSS 8.8 | AI score 7.8 | EPSS 0.04422
Exploits 1 | References 6

BDU FSTEC
added 2024/11/15 12:0 a.m. | 6 views

The vulnerability of the PL/Perl environment in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability in the PL/Perl environment of the PostgreSQL database management system is related to errors in system configuration or settings. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by modifying system environment variables, such as PATH...

CVSS 9 | AI score 7.4 | EPSS 0.04422
Exploits 1 | References 20 | Affected Software 9

BDU FSTEC
added 2024/11/15 12:0 a.m. | 3 views

The vulnerability of the SET ROLE and SET SESSION commands in the PostgreSQL database management system allows attackers to enhance their privileges and gain access to protected information.

The vulnerability of the SET ROLE and SET SESSION commands in the PostgreSQL database management system is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to enhance their privileges and gain access to protected information...

CVSS 4.2 | AI score 6.5 | EPSS 0.00786
Exploits 0 | References 13 | Affected Software 8

BDU FSTEC
added 2024/11/15 12:0 a.m. | 4 views

The vulnerability of the libpq component in the PostgreSQL database management system allows attackers to circumvent existing security restrictions and execute a type of “man-in-the-middle” attack.

The vulnerability of the libpq component in the PostgreSQL database management system is related to the use of an unreliable data source. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and carry out a “man-in-the-middle” type attack...

CVSS 3.1 | AI score 6.5 | EPSS 0.00786
Exploits 0 | References 11 | Affected Software 8

BDU FSTEC
added 2024/11/15 12:0 a.m. | 2 views

The vulnerability of PostgreSQL database management system’s CREATE POLICY command for tables with row-level protection allows attackers to execute arbitrary commands.

The vulnerability of the PostgreSQL database management system’s CREATE POLICY command is related to the lack of consistency between independent representations of the overall state. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary commands by repeatedly using...

CVSS 4.2 | AI score 6.9 | EPSS 0.00786
Exploits 0 | References 14 | Affected Software 9

OpenVAS
added 2024/11/15 12:0 a.m. | 14 views

PostgreSQL Multiple Vulnerabilities (Nov 2024) - Linux

PostgreSQL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postgresql:postgresql";...

CVSS 8.8 | AI score 7.8 | EPSS 0.04422
Exploits 1 | References 6

RedhatCVE
added 2024/11/14 3:1 p.m. | 14 views

CVE-2024-10978

A flaw was found in PostgreSQL. This vulnerability allows a less-privileged application user to view or change unintended rows using SET ROLE, SET SESSION AUTHORIZATION, or equivalent features, resulting in loss of confidentiality, integrity, and availability. Mitigation: Mitigation for this issue is...

CVSS 4.2 | AI score 6.2 | EPSS 0.00705
Exploits 0 | References 4

OSV
added 2024/11/14 1:15 p.m. | 3 views

DEBIAN-CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

CVSS 4.2 | AI score 6.3 | EPSS 0.00705
Exploits 0 | References 1

NVD
added 2024/11/14 1:15 p.m. | 21 views

CVE-2024-10977

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...

CVSS 3.7 | EPSS 0.0038
Exploits 0 | References 2

NVD
added 2024/11/14 1:15 p.m. | 19 views

CVE-2024-10979

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions...

CVSS 8.8 | EPSS 0.04422
Exploits 1 | References 4

OSV
added 2024/11/14 1:15 p.m. | 6 views

AZL-53204 CVE-2024-10978 affecting package postgresql for versions less than 14.14-1

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

CVSS 4.2 | AI score 7.2 | EPSS 0.00705
Exploits 0 | References 1

OSV
added 2024/11/14 1:15 p.m. | 61 views

CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

CVSS 4.2 | AI score 6.6 | EPSS 0.00705
Exploits 0 | References 4

OSV
added 2024/11/14 1:15 p.m. | 3 views

AZL-53209 CVE-2024-10978 affecting package postgresql for versions less than 16.5-1

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

CVSS 4.2 | AI score 7.2 | EPSS 0.00705
Exploits 0 | References 1

NVD
added 2024/11/14 1:15 p.m. | 9 views

CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

CVSS 4.2 | EPSS 0.00705
Exploits 0 | References 4

OSV
added 2024/11/14 1:15 p.m. | 1 view

ALPINE-CVE-2024-10979

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions...

CVSS 8.8 | AI score 7.4 | EPSS 0.04422
Exploits 1 | References 1

OSV
added 2024/11/14 1:15 p.m. | 7 views

AZL-53198 CVE-2024-10979 affecting package postgresql for versions less than 14.14-1

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions...

CVSS 8.8 | AI score 7.6 | EPSS 0.04422
Exploits 1 | References 1

OSV
added 2024/11/14 1:15 p.m. | 55 views

CVE-2024-10977

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...

CVSS 3.7 | AI score 6.7 | EPSS 0.0038
Exploits 0 | References 2

OSV
added 2024/11/14 1:15 p.m. | 3 views

AZL-53212 CVE-2024-10979 affecting package postgresql for versions less than 16.5-1

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions...

CVSS 8.8 | AI score 7.6 | EPSS 0.04422
Exploits 1 | References 1

OSV
added 2024/11/14 1:15 p.m. | 1 view

DEBIAN-CVE-2024-10979

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions...

CVSS 8.8 | AI score 8.4 | EPSS 0.04422
Exploits 1 | References 1

OSV
added 2024/11/14 1:15 p.m. | 1 view

ALPINE-CVE-2024-10977

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...

CVSS 3.7 | AI score 6.8 | EPSS 0.0038
Exploits 0 | References 1