15 matches found
JLSEC-2026-47
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
Important: postgresql15
Issue Overview: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query...
postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes
A flaw was found in PostgreSQL. This vulnerability allows incorrect row-level security policies to be applied via subqueries, WITH queries, security invoker views, or SQL-language functions that reference tables with row-level security policies. This issue arises when a query is planned under one...
postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes
A flaw was found in PostgreSQL. This vulnerability allows incorrect row-level security policies to be applied via subqueries, WITH queries, security invoker views, or SQL-language functions that reference tables with row-level security policies. This issue arises when a query is planned under one...
postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes
A flaw was found in PostgreSQL. This vulnerability allows incorrect row-level security policies to be applied via subqueries, WITH queries, security invoker views, or SQL-language functions that reference tables with row-level security policies. This issue arises when a query is planned under one...
postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes
A flaw was found in PostgreSQL. This vulnerability allows incorrect row-level security policies to be applied via subqueries, WITH queries, security invoker views, or SQL-language functions that reference tables with row-level security policies. This issue arises when a query is planned under one...
DEBIAN-CVE-2024-10976
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
PostgreSQL -- PostgreSQL row security below e.g. subqueries disregards user ID changes
PostgreSQL project reports: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery...
SUSE CVE-2007-2692
The mysqlchangedb function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::dbaccess privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges...
GaussDB Kernel: Controlling the Permission to Execute the SECURITY INVOKER Function
The SECURITY INVOKER function is executed with the permissions of the invoker. Before invoking a function not created by yourself, check the function content to prevent the function creator from performing unauthorized operations with your Permissions. Copyright C 2020 Greenbone Networks GmbH Som...
openGauss: Controlling the Permission to Execute the SECURITY INVOKER Function
The SECURITY INVOKER function is executed with the permissions of the invoker. Before invoking such a function not created by yourself, check the function content to prevent the function creator from performing unauthorized operations with your permissions. Copyright C 2020 Greenbone Networks Gmb...
Privilege Escalation
MySQL is vulnerable to Privilege Escalation. A flaw was discovered in the mysqlchangedb function when returning from SQL SECURITY INVOKER stored routines. An authenticated user could use this flaw to gain database privileges...
Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-588-1
Ubuntu Update for Linux kernel vulnerabilities USN-588-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5881.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-588-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
mysql SECURITY INVOKER functions do not drop privileges
The mysqlchangedb function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::dbaccess privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges...
MySQL 4/5 - SUID Routine Miscalculation Arbitrary DML Statement Execution
source: https://www.securityfocus.com/bid/19559/info MySQL is prone to these vulnerabilities: - A privilege-elevation vulnerability. A user with privileges to execute SUID routines may gain elevated privileges by executing certain commands and code with higher privileges. - A security-bypass...