Lucene search
K

9 matches found

NVD
NVD
added 2024/11/14 1:15 p.m.31 views

CVE-2024-10976

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

5.4CVSS0.00786EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/14 1:0 p.m.50 views

CVE-2024-10976 PostgreSQL row security below e.g. subqueries disregards user ID changes

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

4.2CVSS0.00786EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.16 views

FreeBSD : PostgreSQL -- PostgreSQL row security below e.g. subqueries disregards user ID changes (3831292b-a29d-11ef-af48-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3831292b-a29d-11ef-af48-6cc21735f730 advisory. PostgreSQL project reports: Incomplete tracking in PostgreSQL of tables with row security allows a reus...

7.5CVSS6.5AI score0.01807EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:3 a.m.32 views

BIT-POSTGRESQL-2023-2455

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...

5.4CVSS6AI score0.00694EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/06/09 12:0 a.m.10 views

CVE-2023-2455

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...

5.6AI score0.00694EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/06/09 12:0 a.m.50 views

CVE-2023-2455

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...

6.6AI score0.00694EPSS
Exploits0References3
PostrgeSql
PostrgeSql
added 2023/05/11 12:0 a.m.70 views

Vulnerability in core server (CVE-2023-2455)

Row security policies disregard user ID changes after inlining While CVE-2016-2193 fixed most interaction between row security and user ID changes, it missed a scenario involving function inlining. This leads to potentially incorrect policies being applied in cases where role-specific policies ar...

5.4CVSS7.6AI score0.00694EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2016/04/13 5:39 p.m.10 views

MGASA-2016-0136 Updated postgresql packages fix security vulnerabilities

Updated postgresql packages fix security vulnerabilities: A vulnerability in PostgreSQL 9.3.x before 9.3.12 and 9.4.x before 9.4.7 leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed und...

9.1CVSS5.7AI score0.03347EPSS
Exploits0References5
Mageia
Mageia
added 2016/04/13 5:39 p.m.45 views

Updated postgresql packages fix security vulnerabilities

Updated postgresql packages fix security vulnerabilities: A vulnerability in PostgreSQL 9.3.x before 9.3.12 and 9.4.x before 9.4.7 leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed und...

9.1CVSS1AI score0.03347EPSS
Exploits0References4
Rows per page
Query Builder