68 matches found
CVE-2020-14350
It was found that some PostgreSQL extensions did not use searchpath safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affect...
ALPINE-CVE-2020-14350
It was found that some PostgreSQL extensions did not use searchpath safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affect...
CVE-2020-14350
It was found that some PostgreSQL extensions did not use searchpath safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affect...
CVE-2020-14350
It was found that some PostgreSQL extensions did not use searchpath safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affect...
UBUNTU-CVE-2020-14350
It was found that some PostgreSQL extensions did not use searchpath safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affect...
Ubuntu Update for postgresql-8.1, postgresql-8.2 vulnerability USN-454-1
Ubuntu Update for Linux kernel vulnerabilities USN-454-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4541.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for postgresql-8.1, postgresql-8.2 vulnerability USN-454-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks...
Ubuntu 6.06 LTS / 6.10 / 7.04 : postgresql-8.1, postgresql-8.2 vulnerability (USN-454-1)
PostgreSQL did not handle the 'searchpath' configuration option in a secure way for functions declared as 'SECURITY DEFINER'. Previously, an attacker could override functions and operators used by the security definer function to execute arbitrary SQL commands with the privileges of the user who...
PostgreSQL SECURITY DEFINER函数本地权限提升漏洞
PostgreSQL是一款高级对象-关系型数据库管理系统,支持扩展的SQL标准子集。 PostgreSQL的SECURITY DEFINER函数实现上存在安全漏洞,允许本地通过修改searchpath并使用临时对象获得权限提升。 PostgreSQL PostgreSQL 8.2.4 PostgreSQL PostgreSQL 8.1.9 PostgreSQL PostgreSQL 8.0.13 PostgreSQL PostgreSQL 7.4.17 PostgreSQL PostgreSQL 7.3.19 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...