Lucene search
+L

149 matches found

NVD
NVD
added 2021/05/19 5:15 p.m.26 views

CVE-2021-33204

In the pgpartman aka PG Partition Manager extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit searchpath is not set...

9.8CVSS0.022EPSS
Exploits0References3
OSV
OSV
added 2021/05/19 5:15 p.m.1 views

DEBIAN-CVE-2021-33204

In the pgpartman aka PG Partition Manager extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit searchpath is not set...

9.8CVSS9.2AI score0.022EPSS
Exploits0References1
OSV
OSV
added 2021/05/19 5:15 p.m.18 views

CVE-2021-33204

In the pgpartman aka PG Partition Manager extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit searchpath is not set...

9.8CVSS7.7AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2021/05/19 5:15 p.m.25 views

CVE-2021-33204

In the pgpartman aka PG Partition Manager extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit searchpath is not set...

9.8CVSS7.6AI score0.022EPSS
Exploits0References3
Prion
Prion
added 2021/05/19 5:15 p.m.12 views

Code injection

In the pgpartman aka PG Partition Manager extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit searchpath is not set...

7.5CVSS9.8AI score0.022EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/05/19 5:15 p.m.7 views

UBUNTU-CVE-2021-33204

In the pgpartman aka PG Partition Manager extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit searchpath is not set...

9.8CVSS6.3AI score0.022EPSS
Exploits0References4
Cvelist
Cvelist
added 2021/05/19 4:23 p.m.27 views

CVE-2021-33204

In the pgpartman aka PG Partition Manager extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit searchpath is not set...

10AI score0.022EPSS
Exploits0References3
CVE
CVE
added 2021/05/19 4:23 p.m.66 views

CVE-2021-33204

CVE-2021-33204 affects the pg_partman (PG Partition Manager) extension for PostgreSQL prior to 4.5.1. The issue allows arbitrary code execution via SECURITY DEFINER functions because an explicit search_path is not set. This is a high-severity, network-based risk with potential for full compromise...

9.8CVSS9.7AI score0.022EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2021/05/19 4:23 p.m.16 views

CVE-2021-33204

In the pgpartman aka PG Partition Manager extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit searchpath is not set...

9.8CVSS9.8AI score0.022EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2021/05/06 10:48 a.m.4 views

postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution

A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...

8.8CVSS7.4AI score0.0217EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/01/18 4:23 p.m.20 views

postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution

A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...

8.8CVSS7.4AI score0.0217EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/01/18 4:22 p.m.5 views

postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution

A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...

8.8CVSS7.4AI score0.0217EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/01/18 10:3 a.m.5 views

postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution

A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...

8.8CVSS7.4AI score0.0217EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/12/22 9:27 a.m.6 views

postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution

A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...

8.8CVSS7.4AI score0.0217EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/12/22 8:55 a.m.7 views

postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution

A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...

8.8CVSS7.4AI score0.0217EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/12/17 3:56 p.m.5 views

postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution

A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...

8.8CVSS7.4AI score0.0217EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2020/11/11 12:0 a.m.8 views

openGauss: Controlling the Permission to Execute the SECURITY DEFINER Function

Because the SECURITY DEFINER function is executed with the privileges of the user that created it, ensure that this function is not misused. For security purposes, set searchpath to exclude any schemas writable by untrusted users. This prevents malicious users from creating objects that mask...

7.4AI score
Exploits0References1
Amazon
Amazon
added 2020/10/28 12:0 a.m.48 views

Medium: postgresql94

Issue Overview: A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. CVE-2019-10208 Affected Packages: postgresql...

8.8CVSS8.5AI score0.0217EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/10/27 12:0 a.m.31 views

Amazon Linux AMI : postgresql95 (ALAS-2020-1442)

The version of postgresql95 installed on the remote host is prior to 9.5.23-1.81. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1442 advisory. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common...

8.8CVSS7.1AI score0.0217EPSS
Exploits0References7
Veracode
Veracode
added 2020/10/23 8:59 a.m.25 views

SQL Injection

PostgreSQL is vulnerable to SQL injection. TYPE in pgtemp executes arbitrary SQL during SECURITY DEFINER execution...

8.8CVSS2.7AI score0.0217EPSS
Exploits0References5Affected Software3
Rows per page
Query Builder