Lucene search
K

179 matches found

PostrgeSql
PostrgeSql
added 2024/02/08 12:0 a.m.138 views

Vulnerability in core server (CVE-2024-0985)

PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL UPDATE June 19, 2024 : Added v16 as impacted. Updated description to clarify the attack vector. Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute...

8CVSS8.5AI score0.01465EPSS
Exploits0References1Affected Software1
FreeBSD
FreeBSD
added 2024/02/08 12:0 a.m.38 views

postgresql-server -- non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL

PostgreSQL Project reports: One step of a concurrent refresh command was run under weak security restrictions. If a materialized view's owner could persuade a superuser or other high-privileged user to perform a concurrent refresh on that view, the view's owner could control code executed with th...

8CVSS7.7AI score0.01465EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/07 12:0 a.m.2 views

PT-2024-1568 · Unknown +11 · Postgresql +10

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 16.2 PostgreSQL versions prior to 15.6 PostgreSQL versions prior to 14.11 PostgreSQL versions prior to 13.14 PostgreSQL versions prior to 12.18 Description: The issue is related to a late privilege drop in the...

9CVSS7.2AI score0.04322EPSS
Exploits0References213
ATTACKERKB
ATTACKERKB
added 2023/12/12 7:15 a.m.3 views

CVE-2023-41116

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user's permissions...

4.3CVSS5.8AI score0.00446EPSS
Exploits0References2
OSV
OSV
added 2023/12/12 7:15 a.m.4 views

CVE-2023-41116

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user's permissions...

4.3CVSS5.8AI score0.00446EPSS
Exploits0References1
Prion
Prion
added 2023/12/12 7:15 a.m.15 views

Code injection

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user's permissions...

4CVSS6.9AI score0.00446EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/12 12:0 a.m.23 views

CVE-2023-41116

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user's permissions...

4.3CVSS4.9AI score0.00446EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.4 views

EnterpriseDB Postgres Advanced Server Security Vulnerability

EnterpriseDB Postgres Advanced Server EPAS is an application from EnterpriseDB, Inc. used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that originates from allowing an authenticated user to refresh any materialized vie...

4.3CVSS6.7AI score0.00446EPSS
Exploits0References2
NVD
NVD
added 2023/03/07 1:15 a.m.23 views

CVE-2023-22847

Information disclosure vulnerability exists in pgivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View IMMV created by pgivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by...

4.3CVSS4.4AI score0.00618EPSS
Exploits0References3
Prion
Prion
added 2023/03/07 1:15 a.m.20 views

Information disclosure

Information disclosure vulnerability exists in pgivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View IMMV created by pgivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by...

4CVSS5.2AI score0.00618EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/03/07 1:15 a.m.16 views

Privilege escalation

Uncontrolled search path element vulnerability exists in pgivm versions prior to 1.5.1. When refreshing an IMMV, pgivm executes functions without specifying schema names. Under certain conditions, pgivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's...

6.5CVSS8.7AI score0.00939EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/07 12:0 a.m.9 views

CVE-2023-22847

Information disclosure vulnerability exists in pgivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View IMMV created by pgivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by...

6.6AI score0.00618EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/03/07 12:0 a.m.34 views

CVE-2023-23554

Uncontrolled search path element vulnerability exists in pgivm versions prior to 1.5.1. When refreshing an IMMV, pgivm executes functions without specifying schema names. Under certain conditions, pgivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's...

9AI score0.00939EPSS
Exploits0References3
CVE
CVE
added 2023/03/07 12:0 a.m.61 views

CVE-2023-22847

CVE-2023-22847 affects the pg_ivm extension (versions before 1.5.1). An Incrementally Maintainable Materialized View (IMMV) may reflect rows protected by Row-Level Security, allowing unauthorized users to access restricted data. The issue is confirmed across multiple sources; fix is to update to ...

4.3CVSS4.3AI score0.00618EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/03/07 12:0 a.m.17 views

CVE-2023-22847

Information disclosure vulnerability exists in pgivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View IMMV created by pgivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by...

4.3CVSS6.6AI score0.00618EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/06/07 11:45 a.m.4 views

postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...

8.8CVSS7.1AI score0.12403EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/06/06 9:31 a.m.5 views

postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...

8.8CVSS7.1AI score0.12403EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2022/06/06 12:0 a.m.33 views

AlmaLinux 8 : postgresql:12 (ALSA-2022:4807)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:4807 advisory. postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox CVE-2022-1552 Tenable has extracted the preceding description block directly...

8.8CVSS7.2AI score0.12403EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/06/04 1:12 a.m.5 views

postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...

8.8CVSS7.1AI score0.12403EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/06/03 7:20 p.m.42 views

postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...

8.8CVSS7.1AI score0.12403EPSS
Exploits0References6
Rows per page
Query Builder