Lucene search
K

61 matches found

RedHat Linux
RedHat Linux
added 2024/12/04 8:52 a.m.3 views

postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID

A flaw was found in PostgreSQL. This vulnerability allows a less-privileged application user to view or change unintended rows using SET ROLE, SET SESSION AUTHORIZATION, or equivalent features resulting in loss of confidentiality integrity and availability...

4.2CVSS7.3AI score0.00705EPSS
Exploits0References5
SUSE Linux
SUSE Linux
added 2024/11/29 9:26 a.m.3 views

Security update for postgresql13

This update for postgresql13 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

8.8CVSS7.4AI score0.04422EPSS
Exploits1References16
SUSE Linux
SUSE Linux
added 2024/11/28 12:25 p.m.5 views

Security update for postgresql12

This update for postgresql12 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

8.8CVSS6.5AI score0.04422EPSS
Exploits1References16
OSV
OSV
added 2024/11/28 12:24 p.m.12 views

SUSE-SU-2024:4098-1 Security update for postgresql15

This update for postgresql15 fixes the following issues: - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. - CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol...

8.8CVSS7.3AI score0.04422EPSS
Exploits1References9
SUSE Linux
SUSE Linux
added 2024/11/28 12:24 p.m.2 views

Security update for postgresql12

This update for postgresql12 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

8.8CVSS7.4AI score0.04422EPSS
Exploits1References16
OSV
OSV
added 2024/11/28 12:24 p.m.19 views

SUSE-SU-2024:4097-1 Security update for postgresql12

This update for postgresql12 fixes the following issues: - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. - CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol...

8.8CVSS7.3AI score0.04422EPSS
Exploits1References9
SUSE Linux
SUSE Linux
added 2024/11/28 12:24 p.m.2 views

Security update for postgresql14

This update for postgresql14 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

8.8CVSS7.4AI score0.04422EPSS
Exploits1References16
SUSE Linux
SUSE Linux
added 2024/11/28 12:24 p.m.3 views

Security update for postgresql15

This update for postgresql15 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

8.8CVSS7.4AI score0.04422EPSS
Exploits1References16
Microsoft CVE
Microsoft CVE
added 2024/11/23 8:0 a.m.5 views

PostgreSQL SET ROLE SET SESSION AUTHORIZATION reset to wrong user ID

...

4.2CVSS6.3AI score0.00705EPSS
Exploits0
AstraLinux
AstraLinux
added 2024/11/23 3:4 a.m.2 views

Astra Linux – Vulnerability in PostgresSQL-15

Incorrect privilege assignments in PostgreSQL allow a less-privileged application user to view or modify rows that were not intended for them. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or equivalent features. The problem arises when an application query uses...

4.2CVSS6.7AI score0.00705EPSS
Exploits0References3
OSV
OSV
added 2024/11/16 7:16 a.m.111 views

BIT-POSTGRESQL-2024-10978 PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

4.2CVSS6.7AI score0.00705EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2024/11/15 4:6 a.m.5 views

SUSE CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

4.2CVSS9.4AI score0.00705EPSS
Exploits0References21
OSV
OSV
added 2024/11/14 1:15 p.m.4 views

ALPINE-CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

4.2CVSS6.8AI score0.00705EPSS
Exploits0References1
OSV
OSV
added 2024/11/14 1:15 p.m.9 views

AZL-53204 CVE-2024-10978 affecting package postgresql for versions less than 14.14-1

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

4.2CVSS7.2AI score0.00705EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/14 1:0 p.m.38 views

CVE-2024-10978 PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

4.2CVSS0.00705EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2024/11/14 1:0 p.m.12 views

CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

4.2CVSS6.9AI score0.00705EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.6 views

FreeBSD : PostgreSQL -- SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID (12e3feab-a29f-11ef-af48-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 12e3feab-a29f-11ef-af48-6cc21735f730 advisory. PostgreSQL project reports: Incorrect privilege assignment in PostgreSQL allows a less-privileged...

4.2CVSS6.4AI score0.00705EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2024/11/14 12:0 a.m.27 views

PostgreSQL -- SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID

PostgreSQL project reports: Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when...

4.2CVSS6.9AI score0.00705EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/06 6:36 a.m.10 views

CVE-2024-23193

E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation...

5.3CVSS6.5AI score0.00545EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.5 views

SUSE CVE-2006-0678

PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service server crash via a crafted SET SESSION AUTHORIZATION command, a different vulnerability than CVE-2006-0553...

1.5CVSS6.5AI score0.00333EPSS
Exploits0References3
Rows per page
Query Builder