USN-7358-1: PostgreSQL vulnerabilities

Read Time:37 Second

Wolfgang Walther discovered that PostgreSQL incorrectly tracked tables with
row security. A remote attacker could possibly use this issue to perform
forbidden reads and modifications. (CVE-2024-10976)

Jacob Champion discovered that PostgreSQL clients used untrusted server
error messages. An attacker that is able to intercept network
communications could possibly use this issue to inject error messages that
could be interpreted as valid query results. (CVE-2024-10977)

Tom Lane discovered that PostgreSQL incorrectly handled certain privilege
assignments. A remote attacker could possibly use this issue to view or
change different rows from those intended. (CVE-2024-10978)

Coby Abrams discovered that PostgreSQL incorrectly handled environment
variables. A remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2024-10979)

Active Lumma Stealer Campaign Impacting U.S. SLTTs

BlackLock ransomware: What you need to know

FishMonger APT Group Linked to I-SOON in Espionage Campaigns

Critical GitHub Attack

Rooted Devices 250 Times More Vulnerable to Compromise

Smashing Security podcast #409: Peeping perverts and FBI phone calls

UK CNI Security Leaders Express Confidence in Cybersecurity, Despite 95% Breach Rate

UK Police Arrest 422 in Major Fraud Crackdown

Over Half a Million Hit by Pennsylvania Schools Union Breach

USN-7358-1: PostgreSQL vulnerabilities

A Vulnerability in Veeam Backup & Replication Could Allow for Arbitrary Code Execution

USN-7363-1: PAM-PKCS#11 vulnerabilities

A Vulnerability in AMI MegaRAC Software Could Allow for Remote Code Execution

APPLE-SA-03-11-2025-4 visionOS 2.3.2

APPLE-SA-03-11-2025-3 macOS Sequoia 15.3.2

APPLE-SA-03-11-2025-2 iOS 18.3.2 and iPadOS 18.3.2