13 matches found
db-security-ctf
Database Security – CTF Vulnerability Lab SEC304 / CN5134...
postgresql security update
An update is available for postgresql. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced object-relational database management system DBM...
CVE-2025-55282 aiven-db-migrate allows Privilege Escalation via unrestricted search_path during migration
aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows a user to elevate to superuser inside PostgreSQL databases during a migration from an untrusted source server. By exploiting a lack of searchpath restriction, an attacke...
CVE-2025-31480
The CVE-2025-31480 affects the aiven-extras PostgreSQL extension. The root cause is the format function not being schema-prefixed, enabling privilege escalation to superuser in PostgreSQL databases that have aiven-extras installed. Remediation per the sources is to upgrade to version 1.1.16 and, ...
Linux Distros Unpatched Vulnerability : CVE-2014-0067
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The make check command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a...
SUSE CVE-2024-10978
Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...
ALPINE-CVE-2024-10978
Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...
FreeBSD : PostgreSQL -- SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID (12e3feab-a29f-11ef-af48-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 12e3feab-a29f-11ef-af48-6cc21735f730 advisory. PostgreSQL project reports: Incorrect privilege assignment in PostgreSQL allows a less-privileged...
SUSE CVE-2007-6600
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for 1 VACUUM and 2 ANALYZE operations within index functions, and supports 3 SET ROLE and 4 SET SESSION AUTHORIZATION within inde...
PostgreSQL 9.4-0.5.3 - Privilege Escalation
Exploit Title: PostgreSQL 9.4-0.5.3 - Privilege Escalation Date: 2017-10-11 Exploit Author: Johannes Segitz Vendor Homepage: https://bugzilla.suse.com/showbug.cgi?id=1062722 Software Link: - Version: Before postgresql-init-9.4-0.5.3.1 Tested on: SUSE Linux Enterprise 11 SP4 CVE : CVE-2017-14798...
CVE-2017-14798 local privilege escalation in SUSE postgresql init script
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root...
[Backports-security-announce] Security Update for postgresql-8.4
Gerfried Fuchs uploaded new packages for postgresql-8.4 which fixed the following security problems: CVE-2010-1169 PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is a SQL compliant, open source object-relational database management system. Description PostgreSQL's contains several vulnerabilities: John Heasman discovered that the LOAD extension is vulnerable to local privilege escalation CAN-2005-0227. It is possible to bypass the...