1219 matches found

Amazon
added 2024/12/12 12:0 a.m. · 3 views

Important: postgresql16

Issue Overview: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query...

CVSS 8.8 · AI score 8.8 · EPSS 0.04422
Exploits: 1

OpenVAS
added 2024/12/03 12:0 a.m. · 10 views

Ubuntu: Security Advisory (USN-7132-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 · AI score 7 · EPSS 0.04422
Exploits: 1 · References: 2

Ubuntu
added 2024/12/02 12:30 p.m. · 240 views

USN-7132-1: PostgreSQL vulnerabilities

It was discovered that PostgreSQL incorrectly tracked tables with row security. A remote attacker could possibly use this issue to perform forbidden reads and modifications. CVE-2024-10976 Jacob Champion discovered that PostgreSQL clients used untrusted server error messages. An attacker that is...

CVSS 8.8 · AI score 7 · EPSS 0.04422
Exploits: 1

BDU FSTEC
added 2024/11/29 12:0 a.m. · 1 views

A vulnerability in the installer for Intel Advanced Link Analyzer, a tool for analyzing and optimizing network connections, allows an attacker to escalate their privileges.

The vulnerability in Intel Advanced Link Analyzer, a tool for analyzing and optimizing network connections, is related to errors in privilege assignment. Exploiting this vulnerability can allow attackers to escalate their privileges...

CVSS 6.7 · AI score 5.5 · EPSS 0.00151
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2024/11/26 12:0 a.m. · 1 views

The vulnerability of the Spectrum Power 7 software, related to incorrect privilege assignment, allows a perpetrator to elevate their privileges.

The vulnerability of the Spectrum Power 7 software is related to the improper assignment of privileges by running binary files with the SUID privilege. Exploiting this vulnerability can allow an attacker to increase their privileges...

CVSS 7.8 · AI score 7.4 · EPSS 0.00141
Exploits: 0 · References: 3 · Affected Software: 1

Tenable Nessus
added 2024/11/23 12:0 a.m. · 3 views

CBL Mariner 2.0 Security Update: postgresql (CVE-2024-10978)

The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10978 advisory. - Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change...

CVSS 4.2 · AI score 6.4 · EPSS 0.00705
Exploits: 0 · References: 2

Cvelist
added 2024/11/20 11:56 a.m. · 18 views

CVE-2024-52442 WordPress UserPlus plugin <= 2.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in userplus UserPlus userplus allows Privilege Escalation. This issue affects UserPlus: from n/a through <= 2.0...

CVSS 9.8 · EPSS 0.00488
Exploits: 0 · References: 1

Positive Technologies
added 2024/11/20 12:0 a.m. · 2 views

PT-2024-35282 · Userplus · Userplus

Name of the Vulnerable Software and Affected Versions: UserPlus versions n/a through 2.0 Description: The issue is related to an Incorrect Privilege Assignment vulnerability in UserPlus, which allows Privilege Escalation. Recommendations: For versions n/a through 2.0, update to a version that...

CVSS 9.8 · AI score 9.4 · EPSS 0.00488
Exploits: 0 · References: 5

Tenable Nessus
added 2024/11/20 12:0 a.m. · 23 views

PostgreSQL 12.x < 12.21 / 13.x < 13.17 / 14.x < 14.14 / 15.x < 15.9 / 16.x < 16.5 / 17.x < 17.1 Multiple Vulnerabilities

The version of PostgreSQL installed on the remote host is 12 prior to 12.21, 13 prior to 13.17, 14 prior to 14.14, 15 prior to 15.9, 16 prior to 16.5, or 17 prior to 17.1. As such, it is potentially affected by multiple vulnerabilities : - Incorrect control of environment variables in PostgreSQL...

CVSS 8.8 · AI score 7.3 · EPSS 0.04422
Exploits: 1 · References: 5

Cvelist
added 2024/11/18 3:30 p.m. · 15 views

CVE-2021-1462 Cisco SD-WAN vManage Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to elevate privileges on an affected system. To exploit this vulnerability, an attacker would need to have a valid Administrator account on an affected system. The vulnerability is due to...

CVSS 4.4 · EPSS 0.00164
Exploits: 0 · References: 1

OSV
added 2024/11/16 7:16 a.m. · 102 views

BIT-POSTGRESQL-2024-10978 PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

CVSS 4.2 · AI score 6.7 · EPSS 0.00705
Exploits: 0 · References: 5

OSV
added 2024/11/14 1:15 p.m. · 60 views

CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

CVSS 4.2 · AI score 6.6 · EPSS 0.00705
Exploits: 0 · References: 4

NVD
added 2024/11/14 1:15 p.m. · 7 views

CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

CVSS 4.2 · EPSS 0.00705
Exploits: 0 · References: 4

CVE
added 2024/11/14 1:0 p.m. · 652 views

CVE-2024-10978

The CVE-2024-10978 issue in PostgreSQL is described as incorrect privilege assignment that can let a less-privileged application user view or modify rows not intended when the session has used SET ROLE or SET SESSION AUTHORIZATION. The vulnerability arises if a query reacts to current_setting('ro...

CVSS 4.2 · AI score 6.5 · EPSS 0.00705
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2024/11/14 1:0 p.m. · 20 views

CVE-2024-10978 PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

CVSS 4.2 · EPSS 0.00705
Exploits: 0 · References: 1

Vulnrichment
added 2024/11/14 1:0 p.m. · 23 views

CVE-2024-10978 PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

CVSS 4.2 · AI score 6.7 · EPSS 0.00705
Exploits: 0 · References: 1

Debian CVE
added 2024/11/14 1:0 p.m. · 7 views

CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

CVSS 4.2 · AI score 6.3 · EPSS 0.00705
Exploits: 0

AlpineLinux
added 2024/11/14 1:0 p.m. · 10 views

CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

CVSS 4.2 · AI score 6.9 · EPSS 0.00705
Exploits: 0

CNNVD
added 2024/11/14 12:0 a.m. · 2 views

PostgreSQL security vulnerability

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and so on. A security vulnerability exists in PostgreSQL that stems from...

CVSS 4.2 · AI score 6.8 · EPSS 0.00705
Exploits: 0 · References: 5

Positive Technologies
added 2024/11/14 12:0 a.m. · 5 views

PT-2024-8140 · Postgresql +10 · Postgresql +10

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 17.1 PostgreSQL versions prior to 16.5 PostgreSQL versions prior to 15.9 PostgreSQL versions prior to 14.14 PostgreSQL versions prior to 13.17 PostgreSQL versions prior to 12.21 Description: The issue arises from...

CVSS 8.8 · AI score 6.8 · EPSS 0.89472
Exploits: 11 · References: 226