13 matches found
EUVD-2023-26958
Malicious code in bioql PyPI...
EUVD-2023-27654
Malicious code in bioql PyPI...
CVE-2023-22847
Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by...
CVE-2023-23554
Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's...
CVE-2023-23554
Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's...
CVE-2023-22847
Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by...
Privilege escalation
Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's...
Information disclosure
Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by...
CVE-2023-23554
CVE-2023-23554 affects the pg_ivm PostgreSQL extension (versions prior to 1.5.1). When refreshing an Incrementally Maintained Materialized View (IMMV), pg_ivm may execute functions without fully qualifying schema names, allowing potential execution of functions from other schemas with the IMMV ow...
CVE-2023-22847
Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by...
CVE-2023-23554
Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's...
CVE-2023-22847
CVE-2023-22847 affects the pg_ivm extension (versions before 1.5.1). An Incrementally Maintainable Materialized View (IMMV) may reflect rows protected by Row-Level Security, allowing unauthorized users to access restricted data. The issue is confirmed across multiple sources; fix is to update to ...
JVN#19872280: Multiple vulnerabilities in PostgreSQL extension module pg_ivm
pg_ivm provided by IVM Development Group is a PostgreSQL extension module that provides incremental view maintenance functionality of materialized views. pg_ivm contains multiple vulnerabilities listed below. Exposure of sensitive information to an unauthorized actor (CWE-200) - CVE-2023-22847 An...