Oracle Linux 8 : postgresql:10 (ELSA-2024-0956)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0956 advisory. 10.23-4.0.1 - Resolves: CVE-2024-0985 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus h...

AlmaLinux 9 : postgresql:15 (ALSA-2024:0950)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0950 advisory. postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL CVE-2024-0985 Tenable has extracted the preceding description block directly...

Oracle Linux 8 : postgresql:13 (ELSA-2024-0975)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0975 advisory. pgaudit pgrepack postgres-decoderbufs postgresql 13.14-1.0.1 - update to 13.14 - Fixes CVE-2024-0985 Tenable has extracted the preceding description block...

Oracle Linux 8 : postgresql:15 (ELSA-2024-0973)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0973 advisory. pgaudit pgrepack postgres-decoderbufs postgresql 15.6-1 - update to 15.6 - Fixes CVE-2024-0985 Tenable has extracted the preceding description block directly fr...

Oracle Linux 9 : postgresql:15 (ELSA-2024-0950)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0950 advisory. pgaudit pgrepack postgres-decoderbufs postgresql 15.6-1 - update to 15.6 - Fixes CVE-2024-0985 Tenable has extracted the preceding description block directly fr...

RHEL 7 : rh-postgresql13-postgresql (RHSA-2024:0988)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0988 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW...

RHEL 7 : rh-postgresql12-postgresql (RHSA-2024:0990)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0990 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW...

RHEL 8 : postgresql:10 (RHSA-2024:0956)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0956 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW...

Oracle Linux 9 : postgresql (ELSA-2024-0951)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0951 advisory. 13.14-1.0.1 - Update to 13.14 - Fixes CVE-2024-0985 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

RHEL 9 : postgresql (RHSA-2024:0951)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0951 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW...

SUSE SLES12 Security Update : postgresql13 (SUSE-SU-2024:0541-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0541-1 advisory. - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as...

SUSE SLES12 Security Update : postgresql12 (SUSE-SU-2024:0542-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0542-1 advisory. - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql16 (SUSE-SU-2024:0550-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0550-1 advisory. - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to...

SUSE SLES15 / openSUSE 15 Security Update : postgresql12 (SUSE-SU-2024:0523-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0523-1 advisory. - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQ...

SUSE SLES12 Security Update : postgresql15 (SUSE-SU-2024:0520-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0520-1 advisory. - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as...

PostgreSQL 12.x < 12.18 / 13.x < 13.14 / 14.x < 14.11 / 15.x < 15.6 SQL Injection

The version of PostgreSQL installed on the remote host is 12 prior to 12.18, 13 prior to 13.14, 14 prior to 14.11, or 15 prior to 15.6. It is, therefore, affected by following vulnerability: - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to...

Privilege Escalation

postgresql is vulnerable to Privilege Escalation. The vulnerability due to unauthorized execution of arbitrary SQL functions as the command issuer with elevated privileges using REFRESH MATERIALIZED VIEW CONCURRENTLY command. It leads to an attacker creates functions that use CREATE RULE to conve...

CVE-2024-0985

A flaw was found in PostgreSQL. A late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL can allow an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling a safe refre...

CVE-2024-0985

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...

CVE-2024-0985

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...