Page 2 of 23 results (0.010 seconds)

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions. • https://github.com/aiven/aiven-extras/commit/8682ae01bec0791708bf25791786d776e2fb0250 https://github.com/aiven/aiven-extras/security/advisories/GHSA-7r4w-fw4h-67gp https://security.netapp.com/advisory/ntap-20230616-0006 • CWE-20: Improper Input Validation CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. • https://access.redhat.com/security/cve/CVE-2023-2455 https://security.netapp.com/advisory/ntap-20230706-0006 https://www.postgresql.org/support/security/CVE-2023-2455 https://bugzilla.redhat.com/show_bug.cgi?id=2207569 • CWE-20: Improper Input Validation •

CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0

schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code. A flaw was found in PostgreSQL. Certain database calls could permit an attacker with elevated database-level privileges to execute arbitrary code. • https://access.redhat.com/security/cve/CVE-2023-2454 https://security.netapp.com/advisory/ntap-20230706-0006 https://www.postgresql.org/support/security/CVE-2023-2454 https://bugzilla.redhat.com/show_bug.cgi?id=2207568 • CWE-20: Improper Input Validation •

CVSS: 3.7EPSS: 0%CPEs: 9EXPL: 0

In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. A flaw was found In PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. • https://bugzilla.redhat.com/show_bug.cgi?id=2165722 https://security.netapp.com/advisory/ntap-20230427-0002 https://www.postgresql.org/support/security/CVE-2022-41862 https://access.redhat.com/security/cve/CVE-2022-41862 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0

Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL. Odyssey pasa al cliente bytes no encriptados por el hombre en el medio Cuando el almacenamiento de Odyssey está configurado para usar el servidor PostgreSQL usando autenticación "trust" con un requisito "clientcert" o para usar autenticación "cert", un atacante hombre en el medio puede inyectar respuestas falsas a las primeras consultas del cliente. A pesar del uso de la verificación y el cifrado del certificado SSL, Odyssey pasará estos resultados al cliente como si hubieran sido originados en un servidor válido. • https://github.com/yandex/odyssey/issues/377%2C https://www.postgresql.org/support/security/CVE-2021-23222 • CWE-295: Improper Certificate Validation CWE-522: Insufficiently Protected Credentials •