Search: Postgresql 14.0

7 matches found

added 2024/11/14 1:15 p.m., 625 views

CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses par...

CVSS 4.2, AI score 6.5, EPSS 0.00157
added 2024/05/14 3:43 p.m., 612 views

CVE-2024-4317

Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not othe...

CVSS 4.3, AI score 6.2, EPSS 0.00186
added 2024/02/08 1:15 p.m., 487 views

CVE-2024-0985

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The v...

CVSS 8, AI score 8.6, EPSS 0.00623
added 2024/11/14 1:15 p.m., 483 views

CVE-2024-10979

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions b...

CVSS 8.8, AI score 8.8, EPSS 0.06099
added 2024/11/14 1:15 p.m., 460 views

CVE-2024-10977

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes ...

CVSS 3.7, AI score 3.5, EPSS 0.00096
added 2024/11/14 1:15 p.m., 330 views

CVE-2024-10976

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker...

CVSS 5.4, AI score 6.3, EPSS 0.01526
added 2024/08/08 1:15 p.m., 310 views

CVE-2024-7348

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiti...

CVSS 8.8, AI score 9, EPSS 0.004