Lucene search
K

256 matches found

Microsoft CVE
Microsoft CVE
added 2024/11/23 8:0 a.m.4 views

PostgreSQL row security below e.g. subqueries disregards user ID changes

...

5.4CVSS6.3AI score0.00786EPSS
Exploits0
AstraLinux
AstraLinux
added 2024/11/23 3:4 a.m.2 views

Astra Linux – Vulnerability in PostgresSQL-15

Incomplete tracking of tables with row security in PostgreSQL allows a reused query to view or modify different rows than intended. CVE-2023-2455 and CVE-2016-2193 addressed most issues related to interactions between row security and changes to user IDs. However, they did not cover cases where a...

5.4CVSS6.7AI score0.00786EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/11/23 12:0 a.m.17 views

CBL Mariner 2.0 Security Update: postgresql (CVE-2024-10976)

The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10976 advisory. - Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change...

7.5CVSS6.5AI score0.01807EPSS
Exploits0References2
OSV
OSV
added 2024/11/22 2:23 p.m.3 views

OESA-2024-2466 postgresql security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

8.8CVSS7.3AI score0.04422EPSS
Exploits1References5
OSV
OSV
added 2024/11/22 2:22 p.m.14 views

OESA-2024-2430 libpq security update

PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...

8.8CVSS8.3AI score0.04422EPSS
Exploits1References6
OSV
OSV
added 2024/11/22 2:22 p.m.10 views

OESA-2024-2429 libpq security update

PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...

8.8CVSS8.3AI score0.04422EPSS
Exploits1References6
OSV
OSV
added 2024/11/22 2:21 p.m.11 views

OESA-2024-2427 libpq security update

PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...

8.8CVSS8.3AI score0.04422EPSS
Exploits1References6
OSV
OSV
added 2024/11/16 7:16 a.m.40 views

BIT-POSTGRESQL-2024-10976 PostgreSQL row security below e.g. subqueries disregards user ID changes

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

5.4CVSS6.8AI score0.00786EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/11/15 4:6 a.m.4 views

SUSE CVE-2024-10976

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

4.2CVSS9.2AI score0.00786EPSS
Exploits0References21
OpenVAS
OpenVAS
added 2024/11/15 12:0 a.m.11 views

PostgreSQL Multiple Vulnerabilities (Nov 2024) - Windows

PostgreSQL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postgresql:postgresql";...

8.8CVSS7.8AI score0.04422EPSS
Exploits1References6
OSV
OSV
added 2024/11/14 1:15 p.m.7 views

ALPINE-CVE-2024-10976

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

5.4CVSS6.7AI score0.00786EPSS
Exploits0References1
OSV
OSV
added 2024/11/14 1:15 p.m.2 views

DEBIAN-CVE-2024-10976

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

5.4CVSS6.3AI score0.00786EPSS
Exploits0References1
NVD
NVD
added 2024/11/14 1:15 p.m.31 views

CVE-2024-10976

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

5.4CVSS0.00786EPSS
Exploits0References3
OSV
OSV
added 2024/11/14 1:15 p.m.7 views

AZL-53215 CVE-2024-10976 affecting package postgresql for versions less than 16.5-1

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

5.4CVSS7.1AI score0.00786EPSS
Exploits0References1
OSV
OSV
added 2024/11/14 1:15 p.m.6 views

AZL-53201 CVE-2024-10976 affecting package postgresql for versions less than 14.14-1

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

5.4CVSS6.6AI score0.00786EPSS
Exploits0References1
OSV
OSV
added 2024/11/14 1:15 p.m.23 views

CVE-2024-10976

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

5.4CVSS6.8AI score0.00786EPSS
Exploits0References3
OSV
OSV
added 2024/11/14 1:15 p.m.5 views

UBUNTU-CVE-2024-10976

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

5.4CVSS6.7AI score0.00786EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2024/11/14 1:0 p.m.20 views

CVE-2024-10976

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

5.4CVSS6.3AI score0.00786EPSS
Exploits0
CVE
CVE
added 2024/11/14 1:0 p.m.374 views

CVE-2024-10976

CVE-2024-10976 affects PostgreSQL row security policy handling when a query is planned under one role and executed under another (e.g., via subqueries, WITH, security invoker views, or SQL-language functions referencing a table with an RLS policy). This incomplete tracking can cause policies to b...

5.4CVSS6.3AI score0.00786EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2024/11/14 1:0 p.m.20 views

CVE-2024-10976

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

7.5CVSS7.2AI score0.01807EPSS
Exploits0
Rows per page
Query Builder