Lucene search
+L

42 matches found

SUSE CVE
SUSE CVE
added 2024/11/15 4:6 a.m.5 views

SUSE CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

4.2CVSS9.4AI score0.00705EPSS
Exploits0References21
OSV
OSV
added 2024/11/14 1:15 p.m.4 views

ALPINE-CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

4.2CVSS6.8AI score0.00705EPSS
Exploits0References1
OSV
OSV
added 2024/11/14 1:15 p.m.9 views

AZL-53204 CVE-2024-10978 affecting package postgresql for versions less than 14.14-1

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

4.2CVSS7.2AI score0.00705EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/14 1:0 p.m.44 views

CVE-2024-10978 PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

4.2CVSS0.00705EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2024/11/14 1:0 p.m.12 views

CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

4.2CVSS6.9AI score0.00705EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.6 views

FreeBSD : PostgreSQL -- SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID (12e3feab-a29f-11ef-af48-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 12e3feab-a29f-11ef-af48-6cc21735f730 advisory. PostgreSQL project reports: Incorrect privilege assignment in PostgreSQL allows a less-privileged...

4.2CVSS6.4AI score0.00705EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2024/11/14 12:0 a.m.27 views

PostgreSQL -- SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID

PostgreSQL project reports: Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when...

4.2CVSS6.9AI score0.00705EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.5 views

SUSE CVE-2006-0678

PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service server crash via a crafted SET SESSION AUTHORIZATION command, a different vulnerability than CVE-2006-0553...

1.5CVSS6.5AI score0.00333EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:9 a.m.3 views

SUSE CVE-2007-6600

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for 1 VACUUM and 2 ANALYZE operations within index functions, and supports 3 SET ROLE and 4 SET SESSION AUTHORIZATION within inde...

6.5CVSS7.2AI score0.03098EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2009/10/06 12:0 a.m.36 views

IBM DB2 Unspecified Vulnerability (Windows)

The host is installed with IBM DB2 and is prone to unspecified vulnerability. OpenVAS Vulnerability Test $Id: gbibmdb2unspesifiedvulnwin.nasl 4869 2016-12-29 11:01:45Z teissa $ IBM DB2 Unspecified Vulnerability Windows Authors: Antu Sanadi Copyright: Copyright c 2009 Greenbone Networks GmbH,...

10CVSS1.6AI score0.02006EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2009/10/06 12:0 a.m.30 views

IBM DB2 Unspecified Vulnerability (Linux)

The host is installed with IBM DB2 and is prone to unspecified vulnerability. OpenVAS Vulnerability Test $Id: gbibmdb2unspesifiedvulnlin.nasl 7113 2017-09-13 06:03:30Z cfischer $ IBM DB2 Unspecified Vulnerability Linux Authors: Antu Sanadi Copyright: Copyright c 2009 Greenbone Networks GmbH,...

10CVSS1.4AI score0.02006EPSS
Exploits0References3
Prion
Prion
added 2009/09/29 9:30 p.m.26 views

Authorization

IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors...

10CVSS7.2AI score0.02006EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2009/09/29 9:30 p.m.40 views

CVE-2009-3473

IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors...

10CVSS6.5AI score0.02006EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2008/02/01 2:55 p.m.15 views

PostgreSQL privilege escalation

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for 1 VACUUM and 2 ANALYZE operations within index functions, and supports 3 SET ROLE and 4 SET SESSION AUTHORIZATION within inde...

6.5CVSS7.4AI score0.03098EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2008/01/15 12:0 a.m.33 views

Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : postgresql vulnerabilities (USN-568-1)

Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions. An authenticated user could exploit this flaw to access arbitrary accounts and execute arbitrary SQL queries. CVE-2007-3278, CVE-2007-6601 It was discovered that the TCL regular expression parser used by...

7.2CVSS8.2AI score0.03855EPSS
Exploits4References7
RedHat Linux
RedHat Linux
added 2008/01/11 12:44 p.m.7 views

PostgreSQL privilege escalation

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for 1 VACUUM and 2 ANALYZE operations within index functions, and supports 3 SET ROLE and 4 SET SESSION AUTHORIZATION within inde...

6.5CVSS7.4AI score0.03098EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2008/01/11 12:37 p.m.7 views

PostgreSQL privilege escalation

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for 1 VACUUM and 2 ANALYZE operations within index functions, and supports 3 SET ROLE and 4 SET SESSION AUTHORIZATION within inde...

6.5CVSS7.4AI score0.03098EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2008/01/09 9:46 p.m.31 views

CVE-2007-6600

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for 1 VACUUM and 2 ANALYZE operations within index functions, and supports 3 SET ROLE and 4 SET SESSION AUTHORIZATION within inde...

6.5CVSS7.2AI score0.03098EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2006/03/13 12:0 a.m.24 views

Ubuntu 4.10 / 5.04 / 5.10 : postgresql-7.4, postgresql-8.0, postgresql vulnerability (USN-258-1)

Akio Ishida discovered that the SET SESSION AUTHORIZATION command did not properly verify the validity of its argument. An authenticated PostgreSQL user could exploit this to crash the server. However, this does not affect the official binary Ubuntu packages. The crash can only be triggered if th...

1.5CVSS5.5AI score0.00333EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2006/02/27 6:45 p.m.40 views

USN-258-1: PostgreSQL vulnerability

Akio Ishida discovered that the SET SESSION AUTHORIZATION command did not properly verify the validity of its argument. An authenticated PostgreSQL user could exploit this to crash the server. However, this does not affect the official binary Ubuntu packages. The crash can only be triggered if th...

1.5CVSS5.3AI score0.00333EPSS
Exploits0
Rows per page
Query Builder