149 matches found
CVE-2021-33204
In the pgpartman aka PG Partition Manager extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit searchpath is not set...
DEBIAN-CVE-2021-33204
In the pgpartman aka PG Partition Manager extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit searchpath is not set...
CVE-2021-33204
In the pgpartman aka PG Partition Manager extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit searchpath is not set...
CVE-2021-33204
In the pgpartman aka PG Partition Manager extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit searchpath is not set...
Code injection
In the pgpartman aka PG Partition Manager extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit searchpath is not set...
UBUNTU-CVE-2021-33204
In the pgpartman aka PG Partition Manager extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit searchpath is not set...
CVE-2021-33204
In the pgpartman aka PG Partition Manager extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit searchpath is not set...
CVE-2021-33204
CVE-2021-33204 affects the pg_partman (PG Partition Manager) extension for PostgreSQL prior to 4.5.1. The issue allows arbitrary code execution via SECURITY DEFINER functions because an explicit search_path is not set. This is a high-severity, network-based risk with potential for full compromise...
CVE-2021-33204
In the pgpartman aka PG Partition Manager extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit searchpath is not set...
postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution
A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...
postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution
A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...
postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution
A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...
postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution
A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...
postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution
A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...
postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution
A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...
postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution
A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...
openGauss: Controlling the Permission to Execute the SECURITY DEFINER Function
Because the SECURITY DEFINER function is executed with the privileges of the user that created it, ensure that this function is not misused. For security purposes, set searchpath to exclude any schemas writable by untrusted users. This prevents malicious users from creating objects that mask...
Medium: postgresql94
Issue Overview: A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. CVE-2019-10208 Affected Packages: postgresql...
Amazon Linux AMI : postgresql95 (ALAS-2020-1442)
The version of postgresql95 installed on the remote host is prior to 9.5.23-1.81. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1442 advisory. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common...
SQL Injection
PostgreSQL is vulnerable to SQL injection. TYPE in pgtemp executes arbitrary SQL during SECURITY DEFINER execution...