Lucene search
K

64 matches found

RedHat Linux
RedHat Linux
added 2022/06/03 7:20 p.m.41 views

postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...

8.8CVSS7.1AI score0.12403EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/05/31 9:26 a.m.3 views

postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...

8.8CVSS7.1AI score0.12403EPSS
Exploits0References6
OSV
OSV
added 2022/03/02 11:15 p.m.3 views

ALPINE-CVE-2021-3677

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

6.5CVSS6.4AI score0.0142EPSS
Exploits0References1
OSV
OSV
added 2022/03/02 11:15 p.m.2 views

DEBIAN-CVE-2021-3677

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

6.5CVSS7.1AI score0.0142EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/12/21 10:1 a.m.3 views

postgresql: server processes unencrypted bytes from man-in-the-middle

It was found that a PostgreSQL server could accept plain text data during the establishment of an SSL connection. When a user is requesting a certificate based authentication, an active Person in the Middle could use this flaw in order to inject arbitrary SQL commands...

8.1CVSS6.9AI score0.01901EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2021/06/11 7:0 a.m.2 views

A flaw was found in postgresql in versions before 13.3 before 12.7 before 11.12 before 10.17 and before 9.6.22. While modifying certain SQL array values missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

...

8.8CVSS7AI score0.0199EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2021/01/18 4:23 p.m.5 views

postgresql: Reconnection can downgrade connection security settings

A flaw was found in postgresql. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could...

8.1CVSS7.1AI score0.01574EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/01/18 10:3 a.m.2 views

postgresql: Multiple features escape "security restricted operation" sandbox

A flaw was found in postgresql. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

8.8CVSS7.4AI score0.4644EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/01/18 10:2 a.m.4 views

postgresql: psql's \gset allows overwriting specially treated variables

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

7.6CVSS7.5AI score0.02586EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/01/11 10:57 a.m.2 views

postgresql: psql's \gset allows overwriting specially treated variables

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

7.6CVSS7.5AI score0.02586EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/12/22 8:55 a.m.9 views

postgresql: Multiple features escape "security restricted operation" sandbox

A flaw was found in postgresql. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

8.8CVSS7.4AI score0.4644EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2020/12/21 10:11 a.m.3 views

postgresql: Reconnection can downgrade connection security settings

A flaw was found in postgresql. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could...

8.1CVSS7.1AI score0.01574EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/12/21 10:11 a.m.2 views

postgresql: psql's \gset allows overwriting specially treated variables

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

7.6CVSS7.5AI score0.02586EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/12/17 3:56 p.m.9 views

postgresql: Reconnection can downgrade connection security settings

A flaw was found in postgresql. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could...

8.1CVSS7.1AI score0.01574EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2020/12/08 8:0 a.m.3 views

A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1 before 12.5 before 11.10 before 10.15 before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

...

7.6CVSS7AI score0.02586EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2020/12/02 1:56 p.m.2 views

postgresql: Reconnection can downgrade connection security settings

A flaw was found in postgresql. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could...

8.1CVSS7.1AI score0.01574EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/10/21 1:8 p.m.7 views

postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution

A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...

8.8CVSS7.4AI score0.0217EPSS
Exploits0References5
Cvelist
Cvelist
added 2020/03/17 3:28 p.m.41 views

CVE-2020-1720

A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issu...

3.1CVSS6.7AI score0.01183EPSS
Exploits0References3
OSV
OSV
added 2018/03/02 3:29 p.m.4 views

ALPINE-CVE-2018-1058

A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected...

8.8CVSS7AI score0.14142EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2016/08/31 5:48 a.m.14 views

postgresql: CASE/WHEN with inlining can cause untrusted pointer dereference

A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code...

8.3CVSS7.6AI score0.05962EPSS
Exploits0References4
Rows per page
Query Builder