
13233 matches found

Prion
added 2023/08/11 1:15 p.m. | 27 views

Command injection

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

4 CVSS | 4.6 AI score | 0.00964 EPSS
Exploits 0 | References 10 | Affected Software 3

Prion
added 2023/08/11 1:15 p.m. | 92 views

SQL injection

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...

6.5 CVSS | 8.9 AI score | 0.01572 EPSS
Exploits 0 | References 28 | Affected Software 3

OSV
added 2023/08/11 1:15 p.m. | 0 views

UBUNTU-CVE-2023-39417

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...

8.8 CVSS | 7.5 AI score | 0.01572 EPSS
Exploits 0 | References 11

Vulnrichment
added 2023/08/11 12:19 p.m. | 6 views

CVE-2023-39418 Postgresql: merge fails to enforce update or select row security policies

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

3.1 CVSS | 6.7 AI score | 0.00964 EPSS
Exploits 0 | References 8

Cvelist
added 2023/08/11 12:19 p.m. | 24 views

CVE-2023-39418 Postgresql: merge fails to enforce update or select row security policies

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

3.1 CVSS | 6.5 AI score | 0.00964 EPSS
Exploits 0 | References 8

Cvelist
added 2023/08/11 12:19 p.m. | 24 views

CVE-2023-39417 Postgresql: extension script @substitutions@ within quoting allow sql injection

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...

7.5 CVSS | 9.4 AI score | 0.01572 EPSS
Exploits 0 | References 24

CVE
added 2023/08/11 12:19 p.m. | 328 views

CVE-2023-39418

CVE-2023-39418 affects PostgreSQL: the MERGE command can bypass row security policies for UPDATE and SELECT, allowing insertion of rows that should be disallowed when policies conflict. Public advisories (Debian, Red Hat, AlmaLinux, Canonical/Ubuntu, Cloud Foundry) confirm a fix is available in p...

4.3 CVSS | 6 AI score | 0.00964 EPSS
Exploits 0 | References 10 | Affected Software 1

CVE
added 2023/08/11 12:19 p.m. | 369 views

CVE-2023-39417

CVE-2023-39417 concerns a SQL injection in PostgreSQL extension scripting substitutions (@extowner@/@extschema@ inside quotes) that can, with administrator-installed vulnerable non-bundled extensions and database CREATE privilege, allow arbitrary code execution as the bootstrap superuser. Affecte...

8.8 CVSS | 8.8 AI score | 0.01572 EPSS
Exploits 0 | References 28 | Affected Software 1

Vulnrichment
added 2023/08/11 12:19 p.m. | 22 views

CVE-2023-39417 Postgresql: extension script @substitutions@ within quoting allow sql injection

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...

7.5 CVSS | 9.2 AI score | 0.01572 EPSS
Exploits 0 | References 24

Debian CVE
added 2023/08/11 12:19 p.m. | 48 views

CVE-2023-39417

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...

8.8 CVSS | 8.8 AI score | 0.01572 EPSS
Exploits 0

Debian CVE
added 2023/08/11 12:19 p.m. | 39 views

CVE-2023-39418

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

4.3 CVSS | 5.8 AI score | 0.00964 EPSS
Exploits 0

AlpineLinux
added 2023/08/11 12:19 p.m. | 26 views

CVE-2023-39418

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

4.3 CVSS | 6.5 AI score | 0.00964 EPSS
Exploits 0

AlpineLinux
added 2023/08/11 12:19 p.m. | 39 views

CVE-2023-39417

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...

8.8 CVSS | 9 AI score | 0.01572 EPSS
Exploits 0

RedhatCVE
added 2023/08/11 6:19 a.m. | 40 views

CVE-2023-39418

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

3.1 CVSS | 6.2 AI score | 0.00964 EPSS
Exploits 0 | References 5

RedhatCVE
added 2023/08/11 6:19 a.m. | 78 views

CVE-2023-39417

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...

7.5 CVSS | 8 AI score | 0.01572 EPSS
Exploits 0 | References 4

UbuntuCve
added 2023/08/11 12:00 a.m. | 22 views

CVE-2023-39418

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

4.3 CVSS | 6.7 AI score | 0.00964 EPSS
Exploits 0 | References 7

UbuntuCve
added 2023/08/11 12:00 a.m. | 38 views

CVE-2023-39417

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...

8.8 CVSS | 7.5 AI score | 0.01572 EPSS
Exploits 0 | References 10

Oracle linux
added 2023/08/11 12:00 a.m. | 48 views

postgresql:10 security update

10.23-2.0.1 - Fixed postgresql port binding issue during bootup Orabug: 35103668 10.23-2 - Backport fixes for CVE-2023-2454 and CVE-2023-2455 - Update postgresql-setup to 8.7 https://github.com/devexp-db/postgresql-setup/pull/35 - Resolves: 2207931 10.23-1 - Resolves: CVE-2022-2625 - Rebase to...

8.8 CVSS | 7 AI score | 0.11726 EPSS
Exploits 0

CNNVD
added 2023/08/10 12:00 a.m. | 1 view

PostgreSQL SQL Injection Vulnerability

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL. An attacker can exploi...

8.8 CVSS | 7.8 AI score | 0.01572 EPSS
Exploits 0 | References 20

CNNVD
added 2023/08/10 12:00 a.m. | 2 views

PostgreSQL Security Vulnerabilities

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL versions prior to 15.4,...

4.3 CVSS | 7.3 AI score | 0.00964 EPSS
Exploits 0 | References 10