12968 matches found
Astra Linux - уязвимость в postgresql-11
Incorrect privilege assignments in PostgreSQL allow a less-privileged application user to view or modify rows that were not intended for them. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or equivalent features. The problem arises when an application query uses...
Astra Linux - уязвимость в postgresql-11
A flaw was discovered in PostgreSQL. There is an issue where insufficient efforts are made to ensure safe operation when a privileged user is managing objects of another user. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activate relevant...
Astra Linux - уязвимость в postgresql-11
schemaelement defeats protective measures for search paths; It was discovered that certain database calls in PostgreSQL could allow an authenticated attacker with elevated database-level privileges to execute arbitrary code...
Astra Linux - уязвимость в postgresql-11
A flaw was discovered in PostgreSQL versions prior to 13.3, before 12.7, before 11.12, before 10.17, and before 9.6.22. When modifying certain SQL array values, missing bounds checks allow authenticated database users to write arbitrary bytes into a wide range of server memory. The greatest threa...
Astra Linux - уязвимость в postgresql-11
A flaw was discovered in the psql interactive terminal of PostgreSQL in versions prior to 13.1, prior to 12.5, prior to 11.10, prior to 10.15, prior to 9.6.20, and prior to 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary cod...
Astra Linux - уязвимость в postgresql-11
Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for execution during dump restoration, through the client operating system account running psql, using psql meta-commands within a specially crafted object name. The same attack...
Astra Linux - уязвимость в postgresql-11
A vulnerability was discovered in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the...
Astra Linux - уязвимость в php8.1, php7.3
In PHP versions 8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, and 8.4. pgsql and pdopgsql versions, the escaping functions do not check whether the underlying quoting functions return errors. This could lead to crashes if the Postgres server rejects the string as invalid...
Astra Linux - уязвимость в postgresql-11
Row security policies ignore changes to user IDs after inline operations. PostgreSQL may allow incorrect policies to be applied in certain cases where role-specific policies are used, and where a given query is planned to be executed under one role and then executed under another role. This...
Astra Linux - уязвимость в postgresql-11
A flaw was discovered in PostgreSQL versions prior to 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20, and before 9.5.24. An attacker who has permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The...
Astra Linux - уязвимость в postgresql-11
A flaw was discovered in PostgreSQL versions prior to 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20, and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, ther...
Astra Linux - уязвимость в postgresql-11
A man-in-the-middle attacker can inject false responses to the client’s first few queries, despite the use of SSL certificate verification and encryption...
Astra Linux - уязвимость в postgresql-11
A flaw was discovered in PostgreSQL. By using an UPDATE...RETURNING command on a specially crafted table, an authenticated database user could read arbitrary bytes of server memory. The most significant threat of this vulnerability is data confidentiality...
Astra Linux - уязвимость в postgresql-11
Inclusion of untrusted data in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for execution during dump restoration, as the client operating system account running psql restores the dump using psql meta-commands. pgdumpall is also affected. pgresto...
Astra Linux - уязвимость в postgresql-11
A late privilege drop in the REFRESH MATERIALIZED VIEW CONCURRENTLY operation in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. This feature enables the owner of the materialized view to run SQL functions, thereby allowing for the safe refreshing of...
Astra Linux - уязвимость в postgresql-11
A flaw was discovered in PostgreSQL related to the pgcancelbackend role, which signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a background worker that is less...
Astra Linux - уязвимость в postgresql-11
The vulnerability of the SECURITY DEFINER function in a relational database management system like PostgreSQL is related to insecure management of privileges. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...
Astra Linux - уязвимость в postgresql-11
In the extension script, a SQL injection vulnerability was detected in PostgreSQL when the symbols @extowner@, @extschema@, or @extschema:...@ were used within quotation marks either dollar quotes, '', or other forms of quotation marks. If an administrator has installed files from a vulnerable,...
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL...
PT-2026-42361
Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL...