51 matches found

Amazon · added 2024/12/12 12:00 a.m. · 10 views
Important: postgresql16
Issue Overview: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query...
CVSS 8.8 · AI score 7.1 · EPSS 0.04422 · Exploits 1

Amazon · added 2024/12/12 12:00 a.m. · 8 views
Important: postgresql15
Issue Overview: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query...
CVSS 8.8 · AI score 7.1 · EPSS 0.04422 · Exploits 1

Snyk · added 2024/12/09 3:31 p.m. · 1 view
Improper Authorization
Overview: apache-superset is a modern, enterprise-ready business intelligence web application. Affected versions of this package are vulnerable to Improper Authorization due to the enabled FAB_ADD_SECURITY_API setting, which is disabled by default. An attacker can manipulate role assignments and...
CVSS 7.6 · AI score 7 · EPSS 0.00641 · Exploits 0 · References 2

RedHat Linux · added 2024/12/05 9:15 a.m. · 4 views
postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes
A flaw was found in PostgreSQL. This vulnerability allows incorrect row-level security policies to be applied via subqueries, WITH queries, security invoker views, or SQL-language functions that reference tables with row-level security policies. This issue arises when a query is planned under one...
CVSS 5.4 · AI score 7.2 · EPSS 0.00786 · Exploits 0 · References 5

OSV · added 2024/11/14 1:15 p.m. · 7 views
AZL-53215 CVE-2024-10976 affecting package postgresql for versions less than 16.5-1
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
CVSS 5.4 · AI score 7.1 · EPSS 0.00786 · Exploits 0 · References 1

OSV · added 2024/11/14 1:15 p.m. · 2 views
DEBIAN-CVE-2024-10976
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
CVSS 5.4 · AI score 6.3 · EPSS 0.00786 · Exploits 0 · References 1

OSV · added 2024/11/14 1:15 p.m. · 7 views
ALPINE-CVE-2024-10976
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
CVSS 5.4 · AI score 6.7 · EPSS 0.00786 · Exploits 0 · References 1

OSV · added 2024/11/14 1:15 p.m. · 1 view
UBUNTU-CVE-2024-10976
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
CVSS 5.4 · AI score 6.7 · EPSS 0.00786 · Exploits 0 · References 5

Positive Technologies · added 2024/09/04 12:00 a.m. · 6 views
PT-2024-38917 · WordPress · Multivendorx
Name of the Vulnerable Software and Affected Versions: MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress versions prior to 4.2.1. Description: The issue is related to an insufficient capability check on the update item permissions check and create item...
CVSS 9.8 · AI score 7.1 · EPSS 0.01255 · Exploits 0 · References 17

Microsoft CVE · added 2024/07/12 12:00 a.m. · 3 views
CVE-2023-2455
...
CVSS 5.4 · AI score 6.6 · EPSS 0.00694 · Exploits 0

Veracode · added 2024/04/29 6:39 a.m. · 18 views
Improper Access Control
Mattermost Server is vulnerable to Improper Access Control. The vulnerability is due to incomplete validation of role changes within team.go, allowing an attacker authenticated as a team admin to promote guests to team admins through crafted HTTP requests...
CVSS 2.7 · AI score 6.9 · EPSS 0.00502 · Exploits 0 · References 5 · Affected Software 1

Github Security Blog · added 2024/04/26 9:30 a.m. · 24 views
Mattermost fails to fully validate role changes
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...
CVSS 2.7 · AI score 6.6 · EPSS 0.00502 · Exploits 0 · References 6 · Affected Software 1

OSV · added 2024/04/26 9:30 a.m. · 14 views
GHSA-5QX9-9FFJ-5R8F Mattermost fails to fully validate role changes
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...
CVSS 2.7 · AI score 3.3 · EPSS 0.00502 · Exploits 0 · References 6

NVD · added 2024/04/26 9:15 a.m. · 17 views
CVE-2024-4195
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...
CVSS 2.7 · AI score 3.5 · EPSS 0.00502 · Exploits 0 · References 1

Vulnrichment · added 2024/04/26 8:26 a.m. · 12 views
CVE-2024-4195
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...
CVSS 2.7 · AI score 6.6 · EPSS 0.00502 · Exploits 0 · References 1

CVE · added 2024/04/26 8:26 a.m. · 77 views
CVE-2024-4195
Mattermost CVE-2024-4195 affects Mattermost Server components prior to fixes in 9.5.3 and 8.1.12 for 9.6.0/9.5.x before 9.5.3 and 8.1.x before 8.1.12. The root cause is incomplete validation of role changes in team administration logic, allowing an attacker authenticated as a team admin to promot...
CVSS 2.7 · AI score 6.5 · EPSS 0.00502 · Exploits 0 · References 1 · Affected Software 1

RedHat Linux · added 2023/12/07 8:26 a.m. · 6 views
postgresql: row security policies disregard user ID changes after inlining
A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user a...
CVSS 5.4 · AI score 7.3 · EPSS 0.00694 · Exploits 0 · References 5

RedHat Linux · added 2023/12/07 8:26 a.m. · 3 views
postgresql: row security policies disregard user ID changes after inlining
A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user a...
CVSS 5.4 · AI score 7.3 · EPSS 0.00694 · Exploits 0 · References 5

RedHat Linux · added 2023/12/06 9:55 a.m. · 2 views
postgresql: row security policies disregard user ID changes after inlining
A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user a...
CVSS 5.4 · AI score 7.3 · EPSS 0.00694 · Exploits 0 · References 5

RedHat Linux · added 2023/11/29 2:18 p.m. · 2 views
postgresql: row security policies disregard user ID changes after inlining
A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user a...
CVSS 5.4 · AI score 7.3 · EPSS 0.00694 · Exploits 0 · References 5
