151 matches found
Oracle Linux 9 : postgresql (ELSA-2023-3714)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3714 advisory. 13.11-1.0.1 - Fixed postgresql port binding issue during bootup Orabug: 35420628 13.11-1 - Update to 13.11 - Resolves: 2207935 Tenable has extracted th...
postgresql: row security policies disregard user ID changes after inlining.
A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user a...
CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...
CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...
ALPINE-CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...
DEBIAN-CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...
CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...
CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...
CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...
CVE-2019-10208 -TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can...
CVE-2023-2455
A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user a...
Vulnerability in core server (CVE-2023-2455)
Row security policies disregard user ID changes after inlining While CVE-2016-2193 fixed most interaction between row security and user ID changes, it missed a scenario involving function inlining. This leads to potentially incorrect policies being applied in cases where role-specific policies ar...
postgresql-server -- Row security policies disregard user ID changes after inlining
PostgreSQL Project reports While CVE-2016-2193 fixed most interaction between row security and user ID changes, it missed a scenario involving function inlining. This leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned...
PT-2023-2996 · Unknown +11 · Postgresql +10
Name of the Vulnerable Software and Affected Versions: PostgreSQL affected versions not specified Description: The issue is related to row security policies in PostgreSQL, which can be disregarded when user ID changes occur after inlining. This can lead to incorrect policies being applied,...
SUSE CVE-2007-2138
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to...
SUSE CVE-2010-3433
The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allow...
SUSE CVE-2012-0866
CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on...
SUSE CVE-2012-2655
PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service server crash by adding the 1 SECURITY DEFINER or 2 SET attributes to a procedural language's call handler...
NewStart CGSL CORE 5.05 / MAIN 5.05 : postgresql Multiple Vulnerabilities (NS-SA-2022-0038)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has postgresql packages installed that are affected by multiple vulnerabilities: - A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11...
The vulnerability of the SECURITY DEFINER function in software for performing operations on hard disk partition management allows a hacker to access confidential data, compromise its integrity, and cause service failures. This vulnerability arises from the failure to properly cleanse input data.
The vulnerability of the SECURITY DEFINER function in software for performing operations on hard disk partition management systems is related to the lack of measures taken to protect input data. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise it...