Lucene search
+L

151 matches found

Tenable Nessus
Tenable Nessus
added 2023/06/22 12:0 a.m.17 views

Oracle Linux 9 : postgresql (ELSA-2023-3714)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3714 advisory. 13.11-1.0.1 - Fixed postgresql port binding issue during bootup Orabug: 35420628 13.11-1 - Update to 13.11 - Resolves: 2207935 Tenable has extracted th...

7.2CVSS6.5AI score0.0119EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/06/21 2:48 p.m.73 views

postgresql: row security policies disregard user ID changes after inlining.

A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user a...

5.4CVSS7.3AI score0.00694EPSS
Exploits0References5
NVD
NVD
added 2023/06/09 7:15 p.m.31 views

CVE-2023-2455

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...

5.4CVSS6.3AI score0.00694EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/06/09 7:15 p.m.4 views

CVE-2023-2455

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...

5.4CVSS6.8AI score0.00694EPSS
Exploits0References4
OSV
OSV
added 2023/06/09 7:15 p.m.5 views

ALPINE-CVE-2023-2455

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...

5.4CVSS6.9AI score0.00694EPSS
Exploits0References1
OSV
OSV
added 2023/06/09 7:15 p.m.3 views

DEBIAN-CVE-2023-2455

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...

5.4CVSS6.9AI score0.00694EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/06/09 12:0 a.m.56 views

CVE-2023-2455

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...

6.6AI score0.00694EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/06/09 12:0 a.m.10 views

CVE-2023-2455

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...

5.6AI score0.00694EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2023/06/09 12:0 a.m.81 views

CVE-2023-2455

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...

5.4CVSS6.8AI score0.00694EPSS
Exploits0
Broadcom
Broadcom
added 2023/06/06 12:0 a.m.7 views

CVE-2019-10208 -TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution

A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can...

8.8CVSS7.7AI score0.0217EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2023/05/16 11:23 a.m.38 views

CVE-2023-2455

A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user a...

4.2CVSS5.9AI score0.00694EPSS
Exploits0References4
PostrgeSql
PostrgeSql
added 2023/05/11 12:0 a.m.72 views

Vulnerability in core server (CVE-2023-2455)

Row security policies disregard user ID changes after inlining While CVE-2016-2193 fixed most interaction between row security and user ID changes, it missed a scenario involving function inlining. This leads to potentially incorrect policies being applied in cases where role-specific policies ar...

5.4CVSS7.6AI score0.00694EPSS
Exploits0References1Affected Software1
FreeBSD
FreeBSD
added 2023/05/11 12:0 a.m.43 views

postgresql-server -- Row security policies disregard user ID changes after inlining

PostgreSQL Project reports While CVE-2016-2193 fixed most interaction between row security and user ID changes, it missed a scenario involving function inlining. This leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned...

5.4CVSS7AI score0.00694EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/05/10 12:0 a.m.9 views

PT-2023-2996 · Unknown +11 · Postgresql +10

Name of the Vulnerable Software and Affected Versions: PostgreSQL affected versions not specified Description: The issue is related to row security policies in PostgreSQL, which can be disregarded when user ID changes occur after inlining. This can lead to incorrect policies being applied,...

8.8CVSS6.3AI score0.4644EPSS
Exploits2References192
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.2 views

SUSE CVE-2007-2138

Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to...

6CVSS7.7AI score0.0369EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:57 a.m.4 views

SUSE CVE-2010-3433

The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allow...

6CVSS8.2AI score0.03331EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:48 a.m.6 views

SUSE CVE-2012-0866

CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on...

6.5CVSS7.2AI score0.03625EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 5:46 a.m.4 views

SUSE CVE-2012-2655

PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service server crash by adding the 1 SECURITY DEFINER or 2 SET attributes to a procedural language's call handler...

4CVSS6.7AI score0.0293EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2022/05/09 12:0 a.m.49 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : postgresql Multiple Vulnerabilities (NS-SA-2022-0038)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has postgresql packages installed that are affected by multiple vulnerabilities: - A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11...

8.8CVSS7.1AI score0.4644EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2021/10/05 12:0 a.m.6 views

The vulnerability of the SECURITY DEFINER function in software for performing operations on hard disk partition management allows a hacker to access confidential data, compromise its integrity, and cause service failures. This vulnerability arises from the failure to properly cleanse input data.

The vulnerability of the SECURITY DEFINER function in software for performing operations on hard disk partition management systems is related to the lack of measures taken to protect input data. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise it...

9.8CVSS7.7AI score0.022EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder