CVE-2024-0985
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...
CVE-2024-0985
Summary: CVE-2024-0985 describes a late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL that lets an object creator execute arbitrary SQL as the command issuer. The attack targets untrusted materialized views and can affect multiple PostgreSQL branches before fixed versions...
Vulnerability in core server (CVE-2024-0985)
PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL. UPDATE June 19, 2024: Added v16 as impacted. Updated description to clarify the attack vector. Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute...
Rocky Linux 8 : postgresql:10 (RLSA-2022:4805)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4805 advisory. - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The...
Rocky Linux 8 : postgresql:12 (RLSA-2022:4807)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4807 advisory. - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The...
Amazon Linux 2 : postgresql (ALASPOSTGRESQL11-2023-002)
The version of postgresql installed on the remote host is prior to 11.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL11-2023-002 advisory. A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is...
Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2023-002)
The version of postgresql installed on the remote host is prior to 14.3-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2023-002 advisory. A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is...
CVE-2022-1552 : Autovacuum, REINDEX, and others omit "security restricted operation" sandbox
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or no...
Security Bulletin: Vulnerability in PostgreSQL may affect IBM Elastic Storage System
Summary: PostgreSQL could allow a remote attacker to gain unauthorized access to the system which may affect IBM Elastic Storage System. Vulnerability Details: CVEID: CVE-2022-1552. DESCRIPTION: PostgreSQL remote authenticated attacker to bypass security restrictions, caused by an issue with not...
XML External Entity (XXE)
Calcite Core is vulnerable to XML external entity attacks. A remote attacker is able to read the contents of confidential files through the use of SQL functions such as EXISTSNODE, EXTRACTXML, XMLTRANSFORM or EXTRACTVALUE due to insecure business logic in XmlFunctions.java...
Amazon Linux 2022 : postgresql14, postgresql14-contrib, postgresql14-llvmjit (ALAS2022-2022-124)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-124 advisory. A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH...
CVE-2022-1552
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or no...
Design/Logic Flaw
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or no...
AlmaLinux 8 : postgresql:12 (ALSA-2022:4807)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:4807 advisory. postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox CVE-2022-1552 Tenable has extracted the preceding description block directly...
AlmaLinux 8 : postgresql:10 (ALSA-2022:4805)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:4805 advisory. postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox CVE-2022-1552 Tenable has extracted the preceding description block directly...
SUSE SLED15 / SLES15 Security Update : postgresql14 (SUSE-SU-2022:1908-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1908-1 advisory. - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is...
ROS-20220530-02
Vulnerabilities in the Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck components of the PostgreSQL database management system are related to a maintenance error in one component. pg_amcheck components of PostgreSQL database management system are related to...