Lucene search
+L

257 matches found

alpinelinux
alpinelinux
added 2024/11/14 1:0 p.m.21 views

CVE-2024-10976

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

7.5CVSS7.2AI score0.01807EPSS
Exploits0
ptsecurity
ptsecurity
added 2024/11/14 12:0 a.m.6 views

PT-2024-8143 · Unknown +11 · Postgresql +10

Name of the Vulnerable Software and Affected Versions: PostgreSQL affected versions not specified Description: The issue is related to an inconsistency in the row security policy of PostgreSQL, allowing an attacker to potentially execute arbitrary commands by reusing a query in multiple SET ROLE...

9CVSS7.4AI score0.89914EPSS
Exploits11References260
cnnvd
cnnvd
added 2024/11/14 12:0 a.m.4 views

PostgreSQL 安全漏洞

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL that stems from...

5.4CVSS6.7AI score0.00786EPSS
Exploits0References3
nessus
nessus
added 2024/11/14 12:0 a.m.16 views

FreeBSD : PostgreSQL -- PostgreSQL row security below e.g. subqueries disregards user ID changes (3831292b-a29d-11ef-af48-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3831292b-a29d-11ef-af48-6cc21735f730 advisory. PostgreSQL project reports: Incomplete tracking in PostgreSQL of tables with row security allows a reus...

7.5CVSS6.5AI score0.01807EPSS
Exploits0References3
postgresql
postgresql
added 2024/11/14 12:0 a.m.74 views

Vulnerability in core server (CVE-2024-10976)

PostgreSQL row security below e.g. subqueries disregards user ID changes Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user I...

5.4CVSS5.6AI score0.00786EPSS
Exploits0References1Affected Software1
freebsd
freebsd
added 2024/11/14 12:0 a.m.19 views

PostgreSQL -- PostgreSQL row security below e.g. subqueries disregards user ID changes

PostgreSQL project reports: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery...

5.4CVSS7.1AI score0.00786EPSS
Exploits0References1
nessus
nessus
added 2024/07/13 12:0 a.m.22 views

CBL Mariner 2.0 Security Update: postgresql (CVE-2023-2455)

The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-2455 advisory. - Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policie...

5.4CVSS6.5AI score0.00694EPSS
Exploits0References2
mscve
mscve
added 2024/07/12 12:0 a.m.4 views

CVE-2023-2455

...

5.4CVSS6.6AI score0.00694EPSS
Exploits0
openvas
openvas
added 2024/03/04 12:0 a.m.24 views

openSUSE: Security Advisory for postgresql15 (SUSE-SU-2023:3347-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.2AI score0.01572EPSS
Exploits0References2
amazon
amazon
added 2024/02/19 12:0 a.m.7 views

Important: postgresql

Issue Overview: This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users. CVE-2023-2454 While CVE-2016-2193 fixed most interaction between row...

7.5CVSS7.9AI score0.01807EPSS
Exploits0
nessus
nessus
added 2024/01/16 12:0 a.m.28 views

EulerOS 2.0 SP8 : postgresql (EulerOS-SA-2023-3146)

According to the versions of the postgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - schemaelement defeats protective searchpath changes; It was found that certain database calls in PostgreSQL could permit an authed attacker...

8.8CVSS7.4AI score0.01572EPSS
Exploits0References4
redhat
redhat
added 2023/12/20 9:45 a.m.4 views

postgresql: MERGE fails to enforce UPDATE or SELECT row security policies

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

4.3CVSS7.3AI score0.00956EPSS
Exploits0References6
redhat
redhat
added 2023/12/20 9:43 a.m.4 views

postgresql: MERGE fails to enforce UPDATE or SELECT row security policies

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

4.3CVSS7.3AI score0.00956EPSS
Exploits0References6
redhat
redhat
added 2023/12/20 9:41 a.m.4 views

postgresql: MERGE fails to enforce UPDATE or SELECT row security policies

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

4.3CVSS7.3AI score0.00956EPSS
Exploits0References6
nessus
nessus
added 2023/12/20 12:0 a.m.62 views

RHEL 9 : postgresql:15 (RHSA-2023:7885)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7885 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Buffer overrun from integer overflo...

8.8CVSS7AI score0.04322EPSS
Exploits0References12
nessus
nessus
added 2023/12/15 12:0 a.m.24 views

AlmaLinux 9 : postgresql:15 (ALSA-2023:7785)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:7785 advisory. postgresql: Buffer overrun from integer overflow in array modification CVE-2023-5869 postgresql: Memory disclosure in aggregate function calls CVE-2023-58...

8.8CVSS6.9AI score0.04322EPSS
Exploits0References6
redhat
redhat
added 2023/12/13 3:36 p.m.3 views

postgresql: MERGE fails to enforce UPDATE or SELECT row security policies

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

4.3CVSS7.3AI score0.00956EPSS
Exploits0References6
redhat
redhat
added 2023/12/13 8:6 a.m.10 views

postgresql: row security policies disregard user ID changes after inlining.

A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user a...

5.4CVSS7.3AI score0.00694EPSS
Exploits0References5
osv
osv
added 2023/12/13 12:0 a.m.38 views

ALSA-2023:7785 Important: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Buffer overrun from integer overflow in array modification CVE-2023-5869 postgresql: Memory disclosure in aggregate function calls CVE-2023-5868 postgresql: extension script @substitutions@...

8.8CVSS8.2AI score0.04322EPSS
Exploits0References12
redhat
redhat
added 2023/12/07 8:26 a.m.9 views

postgresql: row security policies disregard user ID changes after inlining.

A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user a...

5.4CVSS7.3AI score0.00694EPSS
Exploits0References5
Rows per page
Query Builder