High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables

November 15, 2024 at 02:46AM

A high-severity vulnerability (CVE-2024-10979) in PostgreSQL allows unprivileged users to modify environment variables, potentially enabling arbitrary code execution and information disclosure. It has a CVSS score of 8.8 and has been patched in recent PostgreSQL versions. Users are advised to implement strict permissions on extensions and functions.

Varonis Warns of Bug Discovered in PostgreSQL PL/Perl

November 14, 2024 at 05:07PM

A vulnerability in the PL/Perl extension of PostgreSQL (CVE-2024-10979) allows users to set arbitrary environment variables and carries a CVSS score of 8.8. It can lead to severe security issues such as arbitrary code execution. Affected versions should be updated to mitigate the risk, and users should review function creation logs.