13184 matches found
CVE-2024-23763
SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiersattribute parameter...
Privilege Escalation
postgresql is vulnerable to Privilege Escalation. The vulnerability due to unauthorized execution of arbitrary SQL functions as the command issuer with elevated privileges using REFRESH MATERIALIZED VIEW CONCURRENTLY command. It leads to an attacker creates functions that use CREATE RULE to conve...
PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL
...
CVE-2024-23763
SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiersattribute parameter...
CVE-2024-23763
SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiersattribute parameter...
The vulnerability of the REFRESH MATERIALIZED VIEW CONCURRENTLY function in the PostgreSQL database management system allows attackers to execute arbitrary SQL commands.
The vulnerability of the REFRESH MATERIALIZED VIEW CONCURRENTLY function in the PostgreSQL database management system is related to privilege management errors during the processing and validation of command-line parameters. Exploiting this vulnerability allows a malicious actor to execute...
SUSE CVE-2024-0985
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...
AZL-34279 CVE-2024-0985 affecting package postgresql for versions less than 14.11-1
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...
ALPINE-CVE-2024-0985
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...
DEBIAN-CVE-2024-0985
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...
CVE-2024-0985 PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...
CVE-2024-0985 PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...
CVE-2024-0985
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...
Vulnerability in core server (CVE-2024-0985)
PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL UPDATE June 19, 2024 : Added v16 as impacted. Updated description to clarify the attack vector. Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute...
CVE-2024-24811
SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version...
CVE-2024-24811 Products.SQLAlchemyDA vulnerable to unauthenticated arbitrary SQL query execution
SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version...
CVE-2024-24811
CVE-2024-24811 affects SQLAlchemyDA, a generic database adapter for ZSQL methods. Versions prior to 2.2 allow unauthenticated execution of arbitrary SQL on the connected database. All users are affected. The issue has been fixed in version 2.2; no workaround is available. Exploitation and in-the-...
PT-2024-20579 · Unknown · Sqlalchemyda
Name of the Vulnerable Software and Affected Versions: SQLAlchemyDA versions prior to 2.2 Description: A vulnerability in SQLAlchemyDA allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem...
PT-2024-1568 · Unknown +11 · Postgresql +10
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 16.2 PostgreSQL versions prior to 15.6 PostgreSQL versions prior to 14.11 PostgreSQL versions prior to 13.14 PostgreSQL versions prior to 12.18 Description: The issue is related to a late privilege drop in the...
CVE-2022-47072
SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box...