CVE-2024-4317 PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks
Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwi...
KLA67224 Security vulnerability in PostgreSQL
Security vulnerability was found in PostgreSQL. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories PostgreSQL: CVE-2024-4317: Restrict visibility of “pg_stats_ext” and “pg_stats_ext_exprs” entries to the table owner Related products PostgreSQL CVE list...
Vulnerability in core server (CVE-2024-4317)
Restrict visibility of "pg_stats_ext" and "pg_stats_ext_exprs" entries to the table owner. Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other user...
PostgreSQL server -- Potentially allowing authenticated database users to see data that they shouldn't.
PostgreSQL project reports: A security vulnerability was found in the system views pg_stats_ext and pg_stats_ext_exprs, potentially allowing authenticated database users to see data they shouldn't. If this is of concern in your installation, run the SQL script...
CVE-2024-2860
The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database...
CVE-2024-2860
The CVE-2024-2860 entry concerns Brocade SANnav. The affected software is SANnav, with the vulnerable component being the PostgreSQL implementation prior to version 2.3.0a. The root cause is an incorrect local authentication flaw that lets an attacker who can access the VM running SANnav read dat...
Broadcom Brocade SANnav access control error vulnerability
Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom, Inc. A security vulnerability exists in versions prior to Broadcom Brocade SANnav 2.3.0a that stems from the vulnerability of the PostgreSQL implementation to an incorrect local authentication flaw that allows an attack...
PT-2024-3323
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 14.12 PostgreSQL versions prior to 15.7 PostgreSQL versions prior to 16.3 Description: The issue is related to errors in managing privileges in the PostgreSQL database system, specifically in the pg_stats_ext and ...
PT-2024-22492 · Brocade · Brocade Sannav
Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.0a Description: The PostgreSQL implementation in Brocade SANnav is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where Brocade SANnav is installed can gain access to...
CVE-2024-34532
A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module aka query_deluxe 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to security bypass due to PostgreSQL (CVE-2024-0985)
Summary IBM Connect:Direct Web Services uses PostgreSQL. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-0985 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to a denial of service due to PostgreSQL (CVE-2023-5870)
Summary IBM Connect:Direct Web Services uses PostgreSQL. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-5870 DESCRIPTION: PostgreSQL is vulnerable to a denial of service, caused by a flaw in the pg_signal_backend role. By sending a...
CVE-2024-34532
CVE-2024-34532 : A SQL injection in the “Yvan Dotet PostgreSQL Query Deluxe” module (query_deluxe) for 17.x prior to 17.0.0.4 allows a remote attacker to gain privileges via the query parameter in models/querydeluxe.py:QueryDeluxe::get_result_from_query. Affected software: Yvan Dotet PostgreSQL Q...
PT-2024-25952 · Yvan Dotet · Postgresql Query Deluxe
Name of the Vulnerable Software and Affected Versions: Yvan Dotet PostgreSQL Query Deluxe module versions 17.x before 17.0.0.4 Description: A SQL injection issue allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query. This...