Lucene search
K

179 matches found

Tenable Nessus
Tenable Nessus
added 2022/06/02 12:0 a.m.37 views

SUSE SLED15 / SLES15 Security Update : postgresql14 (SUSE-SU-2022:1908-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1908-1 advisory. - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is...

8.8CVSS7.7AI score0.12403EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/06/01 9:47 p.m.10 views

postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...

8.8CVSS7.1AI score0.12403EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/05/31 9:26 a.m.4 views

postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...

8.8CVSS7.1AI score0.12403EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/05/30 1:13 p.m.4 views

postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...

8.8CVSS7.1AI score0.12403EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/05/30 8:18 a.m.91 views

postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...

8.8CVSS7.1AI score0.12403EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2022/05/17 12:0 a.m.6 views

The vulnerabilities of the Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck components of the PostgreSQL database management system allow attackers to execute arbitrary SQL functions under the user’s account.

The vulnerabilities of the Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck components of the PostgreSQL database management system are related to errors that occur when one user manipulates objects for another user. Exploiting these vulnerabilities allows a...

9CVSS7.4AI score0.12403EPSS
Exploits0References14Affected Software8
NCSC
NCSC
added 2022/05/13 12:0 a.m.4 views

Vulnerability fixed in PostgreSQL

The developers of PostgreSQL have fixed a vulnerability in PostgreSQL. It was found that certain commands such as Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER and pgamcheck do not handle permissions correctly, allowing a user to can execute these commands outside the scop...

8.8CVSS6.9AI score0.12403EPSS
Exploits0
OSV
OSV
added 2022/05/12 12:0 a.m.10 views

UBUNTU-CVE-2022-1552

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...

8.8CVSS7.2AI score0.12403EPSS
Exploits0References7
PostrgeSql
PostrgeSql
added 2022/05/12 12:0 a.m.77 views

Vulnerability in core server (CVE-2022-1552)

Autovacuum, REINDEX, and others omit "security restricted operation" sandbox Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck made incomplete efforts to operate safely when a privileged user is maintaining another user's objects. Those commands activated releva...

8.8CVSS8.2AI score0.12403EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/05/11 12:0 a.m.4 views

PT-2022-2514 · Unknown +11 · Postgresql +10

Name of the Vulnerable Software and Affected Versions: PostgreSQL affected versions not specified Description: A flaw was found in PostgreSQL related to incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRES...

9CVSS7.5AI score0.4644EPSS
Exploits2References181
Redos
Redos
added 2021/09/08 12:0 a.m.19 views

ROS-2-1265

2.1265 PostgreSQL update with vulnerability fixes CVE-2020-25695, CVE-2020-25694,CVE-2020-25696 1. Vulnerability Description: The CVE-2020-25695 vulnerability allows arbitrary SQL functions to be executed with administrator privileges with access to create persistent objects in any storage schema...

8.8CVSS8.4AI score0.99295EPSS
Exploits81
Redos
Redos
added 2021/09/08 12:0 a.m.26 views

ROS-2-460

2.460 PostgreSQL update with vulnerability fixes CVE-2020-25695, CVE-2020-25694,CVE-2020-25696 1. Vulnerability Description: The CVE-2020-25695 vulnerability allows arbitrary SQL functions to be executed with administrator privileges with access to create persistent objects in any storage schema...

8.8CVSS8.4AI score0.4644EPSS
Exploits1
Redos
Redos
added 2021/09/08 12:0 a.m.25 views

ROS-2-1235

2.1235 PostgreSQL update with vulnerability fixes CVE-2020-25695, CVE-2020-25694,CVE-2020-25696 1. Vulnerability Description: The CVE-2020-25695 vulnerability allows arbitrary SQL functions to be executed with administrator privileges with access to create persistent objects in any storage schema...

8.8CVSS8.4AI score0.4644EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2020/02/19 12:0 a.m.33 views

Ubuntu 18.04 LTS : PostgreSQL vulnerability (USN-4282-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4282-1 advisory. It was discovered that PostgreSQL incorrectly performed authorization checks when handling the ALTER ... DEPENDS ON EXTENSION sub-commands. A remote attacker coul...

6.5CVSS6.8AI score0.01183EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2020/02/18 12:40 p.m.78 views

USN-4282-1: PostgreSQL vulnerability

It was discovered that PostgreSQL incorrectly performed authorization checks when handling the "ALTER ... DEPENDS ON EXTENSION" sub-commands. A remote attacker could possibly use this issue to drop any function, procedure, materialized view, index, or trigger under certain conditions...

6.5CVSS6.8AI score0.01183EPSS
Exploits0
FreeBSD
FreeBSD
added 2020/02/13 12:0 a.m.31 views

PostgresSQL -- ALTER ... DEPENDS ON EXTENSION is missing authorization checks

The PostgreSQL project reports: Versions Affected: 9.6 - 12 The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is...

6.5CVSS7.6AI score0.01183EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2020/01/15 4:33 p.m.13 views

CVE-2020-2516

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table privilege with network access via OracleNet...

2.4CVSS4.5AI score0.00784EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/01/14 12:0 a.m.4 views

PT-2020-1538 · Oracle · Oracle Database Server +1

Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 12.1.0.2, 12.2.0.1, 18c, and 19c Description: The issue is related to a vulnerability in the Core RDBMS component of Oracle Database Server, allowing a high-privileged attacker with Create Materialized View and...

3.5CVSS4.5AI score0.00784EPSS
Exploits0References6
securityvulns
securityvulns
added 2008/04/16 12:0 a.m.65 views

[Full-disclosure] Oracle - Hardcoded Password and Password Reset of OUTLN User [DB13]

Oracle - Hardcoded Password and Password Reset of OUTLN User DB13 Systems Affected 9i Rel. 1 - 10g Rel. 2 Severity High Risk Category Hardcoded Default Password & Password Reset Vendor URL http://www.oracle.com/ Author Alexander Kornbrust Advisory 16 April 2008 V 1.00 Advisory URL...

0.3AI score
Exploits0
Rows per page
Query Builder