Lucene search
+L

51 matches found

OSV
OSV
added 2024/11/28 12:24 p.m.12 views

SUSE-SU-2024:4098-1 Security update for postgresql15

This update for postgresql15 fixes the following issues: - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. - CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol...

8.8CVSS7.3AI score0.04422EPSS
Exploits1References9
OSV
OSV
added 2024/11/28 12:24 p.m.19 views

SUSE-SU-2024:4097-1 Security update for postgresql12

This update for postgresql12 fixes the following issues: - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. - CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol...

8.8CVSS7.3AI score0.04422EPSS
Exploits1References9
SUSE Linux
SUSE Linux
added 2024/11/28 12:24 p.m.4 views

Security update for postgresql15

This update for postgresql15 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

8.8CVSS7.4AI score0.04422EPSS
Exploits1References16
AstraLinux
AstraLinux
added 2024/11/23 3:4 a.m.2 views

Astra Linux – Vulnerability in PostgresSQL-15

Incorrect privilege assignments in PostgreSQL allow a less-privileged application user to view or modify rows that were not intended for them. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or equivalent features. The problem arises when an application query uses...

4.2CVSS6.7AI score0.00705EPSS
Exploits0References3
OSV
OSV
added 2024/11/16 7:16 a.m.112 views

BIT-POSTGRESQL-2024-10978 PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

4.2CVSS6.7AI score0.00705EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2024/11/15 4:6 a.m.5 views

SUSE CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

4.2CVSS9.4AI score0.00705EPSS
Exploits0References21
BDU FSTEC
BDU FSTEC
added 2024/11/15 12:0 a.m.5 views

The vulnerability of the SET ROLE and SET SESSION commands in the PostgreSQL database management system allows attackers to enhance their privileges and gain access to protected information.

The vulnerability of the SET ROLE and SET SESSION commands in the PostgreSQL database management system is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to enhance their privileges and gain access to protected information...

4.2CVSS6.5AI score0.00705EPSS
Exploits0References13Affected Software8
OSV
OSV
added 2024/11/14 1:15 p.m.9 views

AZL-53204 CVE-2024-10978 affecting package postgresql for versions less than 14.14-1

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

4.2CVSS7.2AI score0.00705EPSS
Exploits0References1
OSV
OSV
added 2024/11/14 1:15 p.m.4 views

ALPINE-CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

4.2CVSS6.8AI score0.00705EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/14 1:0 p.m.44 views

CVE-2024-10978 PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

4.2CVSS0.00705EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2024/11/14 1:0 p.m.12 views

CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

4.2CVSS6.9AI score0.00705EPSS
Exploits0
FreeBSD
FreeBSD
added 2024/11/14 12:0 a.m.27 views

PostgreSQL -- SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID

PostgreSQL project reports: Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when...

4.2CVSS6.9AI score0.00705EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.6 views

FreeBSD : PostgreSQL -- SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID (12e3feab-a29f-11ef-af48-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 12e3feab-a29f-11ef-af48-6cc21735f730 advisory. PostgreSQL project reports: Incorrect privilege assignment in PostgreSQL allows a less-privileged...

4.2CVSS6.4AI score0.00705EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.5 views

SUSE CVE-2006-0678

PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service server crash via a crafted SET SESSION AUTHORIZATION command, a different vulnerability than CVE-2006-0553...

1.5CVSS6.5AI score0.00333EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:9 a.m.3 views

SUSE CVE-2007-6600

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for 1 VACUUM and 2 ANALYZE operations within index functions, and supports 3 SET ROLE and 4 SET SESSION AUTHORIZATION within inde...

6.5CVSS7.2AI score0.03098EPSS
Exploits1References5
OSV
OSV
added 2021/12/20 8:15 a.m.2 views

DEBIAN-CVE-2021-44732

Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtlssslsetsession failure...

9.8CVSS8.2AI score0.02569EPSS
Exploits1References1
OSV
OSV
added 2021/12/20 8:15 a.m.2 views

UBUNTU-CVE-2021-44732

Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtlssslsetsession failure...

9.8CVSS7.1AI score0.02569EPSS
Exploits1References9
OSV
OSV
added 2020/02/06 5:15 p.m.5 views

CVE-2019-12426

an unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06...

5.3CVSS6.1AI score0.04889EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2009/10/06 12:0 a.m.36 views

IBM DB2 Unspecified Vulnerability (Windows)

The host is installed with IBM DB2 and is prone to unspecified vulnerability. OpenVAS Vulnerability Test $Id: gbibmdb2unspesifiedvulnwin.nasl 4869 2016-12-29 11:01:45Z teissa $ IBM DB2 Unspecified Vulnerability Windows Authors: Antu Sanadi Copyright: Copyright c 2009 Greenbone Networks GmbH,...

10CVSS1.6AI score0.02006EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2009/10/06 12:0 a.m.30 views

IBM DB2 Unspecified Vulnerability (Linux)

The host is installed with IBM DB2 and is prone to unspecified vulnerability. OpenVAS Vulnerability Test $Id: gbibmdb2unspesifiedvulnlin.nasl 7113 2017-09-13 06:03:30Z cfischer $ IBM DB2 Unspecified Vulnerability Linux Authors: Antu Sanadi Copyright: Copyright c 2009 Greenbone Networks GmbH,...

10CVSS1.4AI score0.02006EPSS
Exploits0References3
Rows per page
Query Builder