Lucene search
K

15 matches found

OSV
OSV
added 2026/04/03 1:27 p.m.5 views

JLSEC-2026-47

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

5.4CVSS6.6AI score0.00786EPSS
Exploits0References3
Amazon
Amazon
added 2024/12/12 12:0 a.m.8 views

Important: postgresql15

Issue Overview: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query...

8.8CVSS7.1AI score0.04422EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2024/12/05 9:15 a.m.188 views

postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes

A flaw was found in PostgreSQL. This vulnerability allows incorrect row-level security policies to be applied via subqueries, WITH queries, security invoker views, or SQL-language functions that reference tables with row-level security policies. This issue arises when a query is planned under one...

5.4CVSS7.2AI score0.00786EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/12/05 9:15 a.m.4 views

postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes

A flaw was found in PostgreSQL. This vulnerability allows incorrect row-level security policies to be applied via subqueries, WITH queries, security invoker views, or SQL-language functions that reference tables with row-level security policies. This issue arises when a query is planned under one...

5.4CVSS7.2AI score0.00786EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/12/04 3:41 p.m.5 views

postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes

A flaw was found in PostgreSQL. This vulnerability allows incorrect row-level security policies to be applied via subqueries, WITH queries, security invoker views, or SQL-language functions that reference tables with row-level security policies. This issue arises when a query is planned under one...

5.4CVSS7.2AI score0.00786EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/12/04 9:24 a.m.4 views

postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes

A flaw was found in PostgreSQL. This vulnerability allows incorrect row-level security policies to be applied via subqueries, WITH queries, security invoker views, or SQL-language functions that reference tables with row-level security policies. This issue arises when a query is planned under one...

5.4CVSS7.2AI score0.00786EPSS
Exploits0References5
OSV
OSV
added 2024/11/14 1:15 p.m.2 views

DEBIAN-CVE-2024-10976

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

5.4CVSS6.3AI score0.00786EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/11/14 12:0 a.m.19 views

PostgreSQL -- PostgreSQL row security below e.g. subqueries disregards user ID changes

PostgreSQL project reports: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery...

5.4CVSS7.1AI score0.00786EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.1 views

SUSE CVE-2007-2692

The mysqlchangedb function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::dbaccess privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges...

6CVSS7.5AI score0.01897EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2020/11/20 12:0 a.m.7 views

GaussDB Kernel: Controlling the Permission to Execute the SECURITY INVOKER Function

The SECURITY INVOKER function is executed with the permissions of the invoker. Before invoking a function not created by yourself, check the function content to prevent the function creator from performing unauthorized operations with your Permissions. Copyright C 2020 Greenbone Networks GmbH Som...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2020/11/11 12:0 a.m.8 views

openGauss: Controlling the Permission to Execute the SECURITY INVOKER Function

The SECURITY INVOKER function is executed with the permissions of the invoker. Before invoking such a function not created by yourself, check the function content to prevent the function creator from performing unauthorized operations with your permissions. Copyright C 2020 Greenbone Networks Gmb...

7.2AI score
Exploits0References1
Veracode
Veracode
added 2020/04/10 12:28 a.m.27 views

Privilege Escalation

MySQL is vulnerable to Privilege Escalation. A flaw was discovered in the mysqlchangedb function when returning from SQL SECURITY INVOKER stored routines. An authenticated user could use this flaw to gain database privileges...

6CVSS3.5AI score0.01897EPSS
Exploits0References27Affected Software1
OpenVAS
OpenVAS
added 2009/03/23 12:0 a.m.42 views

Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-588-1

Ubuntu Update for Linux kernel vulnerabilities USN-588-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5881.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-588-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

7.5CVSS0.2AI score0.91602EPSS
Exploits16References2
RedHat Linux
RedHat Linux
added 2007/09/10 3:37 p.m.3 views

mysql SECURITY INVOKER functions do not drop privileges

The mysqlchangedb function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::dbaccess privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges...

6CVSS7.5AI score0.01897EPSS
Exploits0References4
Exploit DB
Exploit DB
added 2006/08/17 12:0 a.m.45 views

MySQL 4/5 - SUID Routine Miscalculation Arbitrary DML Statement Execution

source: https://www.securityfocus.com/bid/19559/info MySQL is prone to these vulnerabilities: - A privilege-elevation vulnerability. A user with privileges to execute SUID routines may gain elevated privileges by executing certain commands and code with higher privileges. - A security-bypass...

7.4AI score
Exploits0
Rows per page
Query Builder