Lucene search
K

6 matches found

OSV
OSV
added 2024/11/27 7:59 p.m.13 views

MGASA-2024-0372 Updated postgresql15 & postgresql13 packages fix security vulnerabilities

PostgreSQL row security below e.g. subqueries disregards user ID changes. CVE-2024-10976 PostgreSQL libpq retains an error message from man-in-the-middle. CVE-2024-10977 PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID. CVE-2024-10978 PostgreSQL PL/Perl environment variable...

8.8CVSS7.6AI score0.04422EPSS
Exploits1References4
OSV
OSV
added 2020/09/06 8:33 p.m.7 views

MGASA-2020-0365 Updated postgresql packages fix security vulnerabilities

It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the searchpath during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the...

7.3CVSS8.4AI score0.02235EPSS
Exploits0References3
OSV
OSV
added 2017/11/29 6:52 p.m.7 views

MGASA-2017-0428 Updated postgresql packages fix security vulnerabilities

The startup log file for the postmaster in newer releases, "postgres" process was opened while the process was still owned by root. With this setup, the database owner could specify a file that they did not have access to and cause the file to be corrupted with logged data CVE-2017-12172. Crash d...

8.1CVSS6.9AI score0.06324EPSS
Exploits0References8
OSV
OSV
added 2017/08/28 8:14 a.m.14 views

MGASA-2017-0316 Updated postgresql9.3/4/6 packages fix security vulnerabilities

libpq, and by extension any connection driver that utilizes libpq, ignores empty passwords and does not transmit them to the server. When using libpq or a libpq-based connection driver to perform password-based authentication methods, it would appear that setting an empty password would be the...

9.8CVSS8.6AI score0.61566EPSS
Exploits0References6
OSV
OSV
added 2014/05/17 12:20 a.m.6 views

MGASA-2014-0222 Updated postgresql packages fix multiple vulnerabilities

Updated postgresql packages fix security vulnerabilities: Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role memb...

6.5CVSS10AI score0.06666EPSS
Exploits6References5
seebug.org
seebug.org
added 2012/02/29 12:0 a.m.607 views

PostgreSQL 8.x/9.x 存在多个安全漏洞

CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 PostgreSQL是一款对象关系型数据库管理系统,支持扩展的SQL标准子集 PostgreSQL存在多个安全漏洞,允许恶意用户绕过部分安全限制,进行伪造攻击或操作某些数据 -在触发函数上没有对CREATE TRIGGER进行正确的权限检查,可利用此漏洞标记触发函数为SECURITY DEFINER,可授权EXECUTE权限 -在校验SSL证书的公用名时不正确把名称截断为32个字符,可导致不正确校验伪造证书...

6.8CVSS7AI score0.03625EPSS
Exploits1
Rows per page
Query Builder