14 matches found
Advisory ROSA-SA-2025-2911
software: postgresql 12.22 WASP: ROSA-CHROME unaffected versions = postgresql-9.5.2 affected versions postgresql-9.5.2 CVE-ID: CVE-2016-2193 BDU-ID: 2016-00974 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to errors in security settings...
BIT-POSTGRESQL-2024-10976 PostgreSQL row security below e.g. subqueries disregards user ID changes
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
CVE-2024-10976
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
CVE-2016-2193
creationtimestamp | type | source
---|---|---
2024-11-14 13:05:05+00:00 | seen | https://infosec.exchange/users/cve/statuses/113481449755283145
2024-11-14 14:59:09+00:00 | seen | https://t.me/cvedetector/10948
2025-02-14 10:03:10+00:00 | seen | Telegram/T7bmhZyyY3q44NdwHtBlh0uklY8nk4hbekeMxCZgwv81B...
PostgreSQL -- PostgreSQL row security below e.g. subqueries disregards user ID changes
PostgreSQL project reports: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery...
postgresql-server -- Row security policies disregard user ID changes after inlining
PostgreSQL Project reports: While CVE-2016-2193 fixed most interaction between row security and user ID changes, it missed a scenario involving function inlining. This leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned...
SUSE CVE-2016-2193
PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role...
CVE-2016-2193
PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role...
CVE-2016-2193
PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role...
CVE-2016-2193
CVE-2016-2193 affects PostgreSQL prior to 9.5.2 where row-security status was not correctly maintained in cached plans, potentially allowing a session running queries as multiple roles to bypass intended access restrictions. The provided sources indicate the issue lies in how row-level security i...
KLA10790 Multiple vulnerabilities in PostgreSQL
Multiple serious vulnerabilities have been found in PostgreSQL. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information or cause denial of service. Below is a complete list of vulnerabilities:
1. An unknown vulnerability can be exploited via ...
PostgreSQL 9.5.x < 9.5.2 Multiple Vulnerabilities
The version of PostgreSQL installed on the remote host is 9.5.x prior to 9.5.2. It is, therefore, affected by multiple vulnerabilities:
- A flaw exists that is triggered when a query plan is incorrectly reused for more than one ROLE within the same session. An authenticated, remote attacker can...
FreeBSD : PostgreSQL -- minor security problems. (97a24d2e-f74c-11e5-8458-6cc21735f730)
PostgreSQL project reports: Security Fixes for RLS, BRIN. This release closes security hole CVE-2016-2193 (https://access.redhat.com/security/cve/CVE-2016-2193), where a query plan might get reused for more than one ROLE in the same session. This could cause the wrong set of Row Level Security (RLS)...
PostgreSQL -- minor security problems.
PostgreSQL project reports: Security Fixes for RLS, BRIN. This release closes security hole CVE-2016-2193 (https://access.redhat.com/security/cve/CVE-2016-2193), where a query plan might get reused for more than one ROLE in the same session. This could cause the wrong set of Row Level Security (RLS)...