5 matches found
MiracleLinux 8 : postgresql:13 (AXSA:2023-6336:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6336:01 advisory. postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after...
CVE-2025-55282 aiven-db-migrate allows Privilege Escalation via unrestricted search_path during migration
aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows a user to elevate to superuser inside PostgreSQL databases during a migration from an untrusted source server. By exploiting a lack of searchpath restriction, an attacke...
Linux Distros Unpatched Vulnerability : CVE-2023-2454
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - schemaelement defeats protective searchpath changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated...
K000152931: Multiple PostgreSQL vulnerabilities
Security Advisory Description CVE-2023-2455 Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other...
postgresql: schema_element defeats protective search_path changes
A flaw was found in PostgreSQL. Certain database calls could permit an attacker with elevated database-level privileges to execute arbitrary code...