Lucene search
+L

10 matches found

redhat
redhat
added 2021/05/06 10:48 a.m.4 views

postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution

A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...

8.8CVSS7.4AI score0.0217EPSS
Exploits0References5
redhat
redhat
added 2020/12/22 9:27 a.m.6 views

postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution

A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...

8.8CVSS7.4AI score0.0217EPSS
Exploits0References5
redhat
redhat
added 2020/12/22 8:55 a.m.7 views

postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution

A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...

8.8CVSS7.4AI score0.0217EPSS
Exploits0References5
nessus
nessus
added 2020/12/22 12:0 a.m.140 views

RHEL 8 : postgresql:9.6 (RHSA-2020:5661)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5661 advisory. PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstream...

8.8CVSS7.3AI score0.4644EPSS
Exploits0References16
redhat
redhat
added 2020/12/17 3:56 p.m.5 views

postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution

A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...

8.8CVSS7.4AI score0.0217EPSS
Exploits0References5
veracode
veracode
added 2020/10/23 8:59 a.m.26 views

SQL Injection

PostgreSQL is vulnerable to SQL injection. TYPE in pgtemp executes arbitrary SQL during SECURITY DEFINER execution...

8.8CVSS2.7AI score0.0217EPSS
Exploits0References5Affected Software3
redhat
redhat
added 2020/09/08 10:6 a.m.7 views

postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution

A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...

8.8CVSS7.4AI score0.0217EPSS
Exploits0References5
nessus
nessus
added 2019/08/12 12:0 a.m.52 views

FreeBSD : PostgresSQL -- TYPE in pg_temp execute arbitrary SQL during `SECURITY DEFINER` execution (9de4c1c1-b9ee-11e9-82aa-6cc21735f730)

The PostgreSQL project reports : Versions Affected: 9.4 - 11 Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact...

8.8CVSS6.8AI score0.03184EPSS
Exploits0References4
freebsd
freebsd
added 2019/08/08 12:0 a.m.64 views

PostgresSQL -- TYPE in pg_temp execute arbitrary SQL during `SECURITY DEFINER` execution

The PostgreSQL project reports: Versions Affected: 9.4 - 11 Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact...

6CVSS1.8AI score0.03184EPSS
Exploits0References1
postgresql
postgresql
added 2019/08/08 12:0 a.m.109 views

Vulnerability in core server (CVE-2019-10208)

TYPE in pgtemp executes arbitrary SQL during SECURITY DEFINER execution Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call havi...

8.8CVSS8.5AI score0.0217EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder