CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Redos•added 2024/06/07 12:0 a.m.•6 views

ROS-20240607-07

4.3CVSS4AI score0.00722EPSS

OSV•added 2024/05/30 11:59 a.m.•5 views

USN-6802-1 postgresql-14, postgresql-15, postgresql-16 vulnerability

Lukas Fittl discovered that PostgreSQL incorrectly performed authorization in the built-in pgstatsext and pgstatsextexprs views. An unprivileged database user can use this issue to read most common values and other statistics from CREATE STATISTICS commands of other users. NOTE: This update will...

4.3CVSS7AI score0.00722EPSS

Exploits0References2

Tenable Nessus•added 2024/05/16 12:0 a.m.•19 views

SUSE SLES12: postgresql15 / postgresql15-contrib / postgresql15-devel / etc (SUSE-SU-2024:1653-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1653-1 advisory. PostgreSQL upgrade to version 15.7 bsc1224051: - CVE-2024-4317: Fixed visibility restriction of pgstatsext and pgstatsextexprs entries to th...

4.3CVSS6.8AI score0.00722EPSS

Exploits0References5

Tenable Nessus•added 2024/05/14 12:0 a.m.•22 views

Rocky Linux 9 : postgresql (RLSA-2024:0951)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:0951 advisory. - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer...

8CVSS7.9AI score0.01465EPSS

Exploits0References3

BDU FSTEC•added 2024/05/06 12:0 a.m.•7 views

The vulnerability of the PostgreSQL software component used in Brocade SANnav network management systems allows a hacker to gain unauthorized access to protected information.

The vulnerability of the PostgreSQL software component used in Brocade SANnav network management systems is related to insufficient protection for registration data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

5CVSS5.4AI score0.00112EPSS

Exploits0References4Affected Software1

IBM Security Bulletins•added 2024/04/24 4:46 a.m.•34 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to sensitive information exposure due to PostgreSQL (CVE-2023-5868)

Summary IBM Connect:Direct Web Services uses PostgreSQL. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-5868 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when...

4.3CVSS6.5AI score0.02775EPSS

Exploits0Affected Software1

Redos•added 2024/03/22 12:0 a.m.•7 views

ROS-20240322-02

Vulnerability of REFRESH MATERIALIZED VIEW CONCURRENTLY function of PostgreSQL database management system is related to privilege management errors in processing and checking command line parameters. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQ...

Redos•added 2024/03/22 12:0 a.m.•7 views

ROS-20240322-03

Redos•added 2024/03/22 12:0 a.m.•9 views

ROS-20240322-05

RedHat Linux•added 2024/03/20 9:41 a.m.•4 views

postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL

A flaw was found in PostgreSQL. A late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL can allow an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling a safe refre...

8CVSS7.5AI score0.01465EPSS

RedHat Linux•added 2024/03/13 1:54 p.m.•1 views

postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL

8CVSS7.5AI score0.01465EPSS

OSV•added 2024/03/06 11:6 a.m.•35 views

BIT-POSTGRESQL-2020-1720

A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issu...

6.5CVSS6.7AI score0.01183EPSS

Amazon•added 2024/03/06 12:0 a.m.•3 views

Important: libpq

Issue Overview: Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted...

8CVSS8AI score0.01465EPSS

Tenable Nessus•added 2024/03/06 12:0 a.m.•19 views

Amazon Linux 2 : libpq (ALASPOSTGRESQL14-2024-007)

The version of libpq installed on the remote host is prior to 14.11-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2024-007 advisory. Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary...

8CVSS7.9AI score0.01465EPSS

Amazon•added 2024/03/05 12:0 a.m.•4 views

Important: postgresql15

8CVSS7.8AI score0.01465EPSS

Amazon•added 2024/03/05 12:0 a.m.•2 views

Important: postgresql15