257 matches found
CVE-2024-10976
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
PT-2024-8143 · Unknown +11 · Postgresql +10
Name of the Vulnerable Software and Affected Versions: PostgreSQL affected versions not specified Description: The issue is related to an inconsistency in the row security policy of PostgreSQL, allowing an attacker to potentially execute arbitrary commands by reusing a query in multiple SET ROLE...
PostgreSQL 安全漏洞
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL that stems from...
FreeBSD : PostgreSQL -- PostgreSQL row security below e.g. subqueries disregards user ID changes (3831292b-a29d-11ef-af48-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3831292b-a29d-11ef-af48-6cc21735f730 advisory. PostgreSQL project reports: Incomplete tracking in PostgreSQL of tables with row security allows a reus...
Vulnerability in core server (CVE-2024-10976)
PostgreSQL row security below e.g. subqueries disregards user ID changes Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user I...
PostgreSQL -- PostgreSQL row security below e.g. subqueries disregards user ID changes
PostgreSQL project reports: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery...
CBL Mariner 2.0 Security Update: postgresql (CVE-2023-2455)
The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-2455 advisory. - Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policie...
CVE-2023-2455
...
openSUSE: Security Advisory for postgresql15 (SUSE-SU-2023:3347-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: postgresql
Issue Overview: This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users. CVE-2023-2454 While CVE-2016-2193 fixed most interaction between row...
EulerOS 2.0 SP8 : postgresql (EulerOS-SA-2023-3146)
According to the versions of the postgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - schemaelement defeats protective searchpath changes; It was found that certain database calls in PostgreSQL could permit an authed attacker...
postgresql: MERGE fails to enforce UPDATE or SELECT row security policies
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...
postgresql: MERGE fails to enforce UPDATE or SELECT row security policies
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...
postgresql: MERGE fails to enforce UPDATE or SELECT row security policies
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...
RHEL 9 : postgresql:15 (RHSA-2023:7885)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7885 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Buffer overrun from integer overflo...
AlmaLinux 9 : postgresql:15 (ALSA-2023:7785)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:7785 advisory. postgresql: Buffer overrun from integer overflow in array modification CVE-2023-5869 postgresql: Memory disclosure in aggregate function calls CVE-2023-58...
postgresql: MERGE fails to enforce UPDATE or SELECT row security policies
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...
postgresql: row security policies disregard user ID changes after inlining.
A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user a...
ALSA-2023:7785 Important: postgresql:15 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Buffer overrun from integer overflow in array modification CVE-2023-5869 postgresql: Memory disclosure in aggregate function calls CVE-2023-5868 postgresql: extension script @substitutions@...
postgresql: row security policies disregard user ID changes after inlining.
A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user a...