13 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2010-3760

Malware in sbrugna...

6 CVSS | 6.4 AI score | 0.01124 EPSS
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2007-2133

Malware in sbrugna...

6 CVSS | 7.4 AI score | 0.01654 EPSS
Exploits 0 | References 38

Tenable Nessus
added 2025/08/20 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-10208

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitra...

8.8 CVSS | 7.8 AI score | 0.00197 EPSS
Exploits 0 | References 2

Amazon
added 2023/09/25 12:0 a.m. | 2 views

Important: postgresql

Issue Overview: postgresql: Client memory disclosure when connecting with Kerberos to modified server CVE-2022-41862 This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grant...

7.5 CVSS | 7.8 AI score | 0.01526 EPSS
Exploits 0

SUSE CVE
added 2023/02/15 4:13 a.m. | 2 views

SUSE CVE-2019-10208

A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can...

7.5 CVSS | 7.7 AI score | 0.00197 EPSS
Exploits 0 | References 11

BDU FSTEC
added 2021/10/05 12:0 a.m. | 1 views

The vulnerability of the SECURITY DEFINER function in software for performing operations on hard disk partition management allows a hacker to access confidential data, compromise its integrity, and cause service failures. This vulnerability arises from the failure to properly cleanse input data.

The vulnerability of the SECURITY DEFINER function in software for performing operations on hard disk partition management systems is related to the lack of measures taken to protect input data. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise it...

9.8 CVSS | 7.7 AI score | 0.0105 EPSS
Exploits 0 | References 5 | Affected Software 2

OpenVAS
added 2020/11/11 12:0 a.m. | 8 views

openGauss: Controlling the Permission to Execute the SECURITY DEFINER Function

Because the SECURITY DEFINER function is executed with the privileges of the user that created it, ensure that this function is not misused. For security purposes, set search_path to exclude any schemas writable by untrusted users. This prevents malicious users from creating objects that mask...

7.4 AI score
Exploits 0 | References 1

RedhatCVE
added 2019/08/08 6:52 p.m. | 44 views

CVE-2019-10208

A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. Mitigation If your use case requires SECURITY DEFINER...

8.8 CVSS | 2.7 AI score | 0.00197 EPSS
Exploits 0 | References 4

Check Point Advisories
added 2014/03/17 12:0 a.m. | 4 views

PostgreSQL Database SET ROLE Security Bypass (CVE-2014-0060)

A policy bypass vulnerability has been found in PostgreSQL database server. The vulnerability is due to a design weakness when granting a role without ADMIN OPTION. A remote attacker can exploit the vulnerability to cause a policy bypass allowing execution of a security-restricted operation or a...

7 AI score | 0.00545 EPSS
Exploits 2

Cvelist
added 2010/10/06 4:0 p.m. | 25 views

CVE-2010-3433

The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allow...

7.2 AI score | 0.01661 EPSS
Exploits 0 | References 19

RedHat Linux
added 2010/10/06 10:24 a.m. | 3 views

PL/Tcl): SECURITY DEFINER function keyword bypass

The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allow...

8.5 CVSS | 7.7 AI score | 0.04483 EPSS
Exploits 3 | References 4

Tenable Nessus
added 2007/04/30 12:0 a.m. | 21 views

Mandrake Linux Security Advisory : postgresql (MDKSA-2007:094)

A weakness in previous versions of PostgreSQL was found in the security definer functions in which an authenticated but otherwise unprivileged SQL user could use temporary objects to execute arbitrary code with the privileges of the security-definer function. IMPORTANT NOTICE FOR CORPORATE...

6 CVSS | 7.3 AI score | 0.01654 EPSS
Exploits 0 | References 1

PostgreSQL
added 2007/04/24 8:0 p.m. | 71 views

Vulnerability in core server (CVE-2007-2138)

A vulnerability involving insecure search_path settings allows unprivileged users to gain the SQL privileges of the owner of any SECURITY DEFINER function they are allowed to call. Securing such a function requires both a software update and changes to the function definition...

6 CVSS | 8.8 AI score | 0.01654 EPSS
Exploits 0 | Affected Software 1