179 matches found
SUSE SLED15 / SLES15 Security Update : postgresql14 (SUSE-SU-2022:1908-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1908-1 advisory. - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is...
postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...
postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...
postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...
postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...
The vulnerabilities of the Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck components of the PostgreSQL database management system allow attackers to execute arbitrary SQL functions under the user’s account.
The vulnerabilities of the Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck components of the PostgreSQL database management system are related to errors that occur when one user manipulates objects for another user. Exploiting these vulnerabilities allows a...
Vulnerability fixed in PostgreSQL
The developers of PostgreSQL have fixed a vulnerability in PostgreSQL. It was found that certain commands such as Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER and pgamcheck do not handle permissions correctly, allowing a user to can execute these commands outside the scop...
UBUNTU-CVE-2022-1552
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...
Vulnerability in core server (CVE-2022-1552)
Autovacuum, REINDEX, and others omit "security restricted operation" sandbox Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck made incomplete efforts to operate safely when a privileged user is maintaining another user's objects. Those commands activated releva...
PT-2022-2514 · Unknown +11 · Postgresql +10
Name of the Vulnerable Software and Affected Versions: PostgreSQL affected versions not specified Description: A flaw was found in PostgreSQL related to incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRES...
ROS-2-1265
2.1265 PostgreSQL update with vulnerability fixes CVE-2020-25695, CVE-2020-25694,CVE-2020-25696 1. Vulnerability Description: The CVE-2020-25695 vulnerability allows arbitrary SQL functions to be executed with administrator privileges with access to create persistent objects in any storage schema...
ROS-2-460
2.460 PostgreSQL update with vulnerability fixes CVE-2020-25695, CVE-2020-25694,CVE-2020-25696 1. Vulnerability Description: The CVE-2020-25695 vulnerability allows arbitrary SQL functions to be executed with administrator privileges with access to create persistent objects in any storage schema...
ROS-2-1235
2.1235 PostgreSQL update with vulnerability fixes CVE-2020-25695, CVE-2020-25694,CVE-2020-25696 1. Vulnerability Description: The CVE-2020-25695 vulnerability allows arbitrary SQL functions to be executed with administrator privileges with access to create persistent objects in any storage schema...
Ubuntu 18.04 LTS : PostgreSQL vulnerability (USN-4282-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4282-1 advisory. It was discovered that PostgreSQL incorrectly performed authorization checks when handling the ALTER ... DEPENDS ON EXTENSION sub-commands. A remote attacker coul...
USN-4282-1: PostgreSQL vulnerability
It was discovered that PostgreSQL incorrectly performed authorization checks when handling the "ALTER ... DEPENDS ON EXTENSION" sub-commands. A remote attacker could possibly use this issue to drop any function, procedure, materialized view, index, or trigger under certain conditions...
PostgresSQL -- ALTER ... DEPENDS ON EXTENSION is missing authorization checks
The PostgreSQL project reports: Versions Affected: 9.6 - 12 The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is...
CVE-2020-2516
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table privilege with network access via OracleNet...
PT-2020-1538 · Oracle · Oracle Database Server +1
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 12.1.0.2, 12.2.0.1, 18c, and 19c Description: The issue is related to a vulnerability in the Core RDBMS component of Oracle Database Server, allowing a high-privileged attacker with Create Materialized View and...
[Full-disclosure] Oracle - Hardcoded Password and Password Reset of OUTLN User [DB13]
Oracle - Hardcoded Password and Password Reset of OUTLN User DB13 Systems Affected 9i Rel. 1 - 10g Rel. 2 Severity High Risk Category Hardcoded Default Password & Password Reset Vendor URL http://www.oracle.com/ Author Alexander Kornbrust Advisory 16 April 2008 V 1.00 Advisory URL...