8 matches found
CVE-2019-10208 -TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can...
postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution
A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...
postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution
A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...
postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution
A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...
postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution
A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...
Updated postgresql packages fix security vulnerabilities
Updated postgresql packages fix security vulnerabilities: Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact...
Debian DLA-1874-1 : postgresql-9.4 security update
CVE-2019-10208: TYPE in pgtemp executes arbitrary SQL during SECURITY DEFINER execution Versions Affected: 9.4 - 11 Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function,...
[SECURITY] [DLA-1874-1] postgresql-9.4 security update
Package : postgresql-9.4 Version : 9.4.24-0+deb8u1 CVE ID : CVE-2019-10208 CVE-2019-10208: TYPE in pgtemp executes arbitrary SQL during SECURITY DEFINER execution Versions Affected: 9.4 - 11 Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of th...