179 matches found
EUVD-2023-26958
Malicious code in bioql PyPI...
EUVD-2025-21512
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-0985
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. T...
Unspecified Vulnerability in Oracle Database Server (CNVD-2025-24075)
Oracle Database Server is a set of relational database management system of the United States Oracle Oracle. The database management system provides data management, distributed processing and other functions. A security vulnerability exists in Oracle Database Materialized View for Oracle Databas...
The vulnerability of the Oracle Database Materialized View component of the Oracle Database Server allows a attacker to gain access to read, modify, or delete data.
The vulnerability of the Oracle Database Materialized View component in the Oracle Database Server management system is related to insecure management of privileges. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, or delete data...
CVE-2025-50066
Vulnerability in the Oracle Database Materialized View component of Oracle Database Server. Supported versions that are affected are 19.3-19.27, 21.3-21.18 and 23.4-23.8. Easily exploitable vulnerability allows high privileged attacker having Execute on DBMSREDEFINITION privilege with network...
CVE-2025-50066
Vulnerability in the Oracle Database Materialized View component of Oracle Database Server. Supported versions that are affected are 19.3-19.27, 21.3-21.18 and 23.4-23.8. Easily exploitable vulnerability allows high privileged attacker having Execute on DBMSREDEFINITION privilege with network...
CVE-2025-50066
Vulnerability in the Oracle Database Materialized View component of Oracle Database Server. Supported versions that are affected are 19.3-19.27, 21.3-21.18 and 23.4-23.8. Easily exploitable vulnerability allows high privileged attacker having Execute on DBMSREDEFINITION privilege with network...
Oracle Database Server 安全漏洞
Oracle Database Server is a set of relational database management system of the United States Oracle Oracle. The database management system provides data management, distributed processing and other functions. A security vulnerability exists in Oracle Database Materialized View for Oracle Databas...
PT-2025-29621 · Oracle · Oracle Database 23.4 +8
Name of the Vulnerable Software and Affected Versions: Oracle Database versions 19.3 through 19.27 Oracle Database versions 21.3 through 21.18 Oracle Database versions 23.4 through 23.8 Description: This issue affects the Oracle Database Materialized View component. A highly privileged attacker...
CVE-2023-22847
Information disclosure vulnerability exists in pgivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View IMMV created by pgivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by...
CVE-2023-41116
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user's permissions...
CVE-2023-23554
Uncontrolled search path element vulnerability exists in pgivm versions prior to 1.5.1. When refreshing an IMMV, pgivm executes functions without specifying schema names. Under certain conditions, pgivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's...
PostgreSQL Vulnerable to Privileged Execution of Arbitrary SQL due to Late Privilege Drop in 'REFRESH MATERIALIZED VIEW CONCURRENTLY'
An authenticated attacker that has created a materialized view could run arbitrary SQL commands on a PostgreSQL server if a victim runs REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's view. If the victim is a superuser this could result in full compromise of the PostgreSQL server...
OESA-2024-2430 libpq security update
PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...
OESA-2024-2429 libpq security update
PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...
OESA-2024-2428 libpq security update
PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...
CBL Mariner 2.0 Security Update: postgresql (CVE-2024-0985)
The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0985 advisory. - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to...
CLSA-2024-1711492417 Fix CVE(s): CVE-2024-0985
SECURITY UPDATE: Execution of arbitrary SQL functions as the command issuer because of late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY - debian/patches/CVE-2024-0985.patch: run REFRESH MATERIALIZED VIEW CONCURRENTLY in right security context - CVE-2024-0985...
postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL
A flaw was found in PostgreSQL. A late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL can allow an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling a safe refre...