24 matches found
EUVD-2019-2172
Malware in sbrugna...
EUVD-2007-4401
Malware in sbrugna...
EUVD-2021-7668
Malicious code in bioql PyPI...
RHEL 7 : postgresql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - postgresql: Uncontrolled search path element in pgdump and other client applications CVE-2018-1058 - It w...
CVE-2021-40331 Permissions problem in the Apache Ranger Hive Plugin
An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled This issue affects Apache Ranger Hive Plugin: from...
Apache Ranger 安全漏洞
Apache Ranger is a set of architectures from the U.S.-based Apache Foundation that implements comprehensive security measures for Hadoop clusters. The product provides centralized security policy management for core enterprise security requirements such as authorization, billing and data...
PT-2023-12360 · Apache · Apache Ranger Hive Plugin
Name of the Vulnerable Software and Affected Versions: Apache Ranger Hive Plugin versions 2.0.0 through 2.3.0 Description: An Incorrect Permission Assignment for Critical Resource issue was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownershi...
SUSE CVE-2021-20229
A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality...
MGASA-2021-0121 Updated postgresql packages fix security vulnerabilities
A user having an UPDATE privilege on a partitioned table but lacking the SELECT privilege on some column may be able to acquire denied-column values from an error message CVE-2021-3393. A user having a SELECT privilege on an individual column can craft a special query that returns all columns of...
DEBIAN-CVE-2021-20229
A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality...
ALPINE-CVE-2021-20229
A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality...
Design/Logic Flaw
A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality...
KLA12088 Multiple vulnerabilities in PostgreSQL
Multiple vulnerabilities were found in PostgreSQL. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A security bypass vulnerability in SELECT privilege can be exploited to bypass securi...
PT-2021-2222 · Unknown +3 · Postgresql +2
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 13.2 PostgreSQL versions prior to 12.6 PostgreSQL versions prior to 11.11 PostgreSQL versions prior to 10.16 PostgreSQL versions prior to 9.6.21 PostgreSQL versions prior to 9.5.25 Description: A flaw was found in...
postgresql: Selectivity estimators bypass row security policies
PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit thi...
postgresql: Selectivity estimators bypass row security policies
PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit thi...
postgresql: Selectivity estimators bypass row security policies
PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit thi...
postgresql: Selectivity estimators bypass row security policies
PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit thi...
postgresql: Selectivity estimators bypass row security policies
PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit thi...
CVE-2017-15099
INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE...