exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 56

SUSE-SU-2024:4099-1

около 1 года назад

Security update for postgresql12

EPSS: Низкий

SUSE-SU-2024:4098-1

около 1 года назад

Security update for postgresql15

EPSS: Низкий

SUSE-SU-2024:4097-1

около 1 года назад

Security update for postgresql12

EPSS: Низкий

SUSE-SU-2024:4096-1

около 1 года назад

Security update for postgresql14

EPSS: Низкий

SUSE-SU-2024:4095-1

около 1 года назад

Security update for postgresql15

EPSS: Низкий

SUSE-SU-2024:4063-1

около 1 года назад

Security update for postgresql, postgresql16, postgresql17

EPSS: Низкий

SUSE-SU-2024:4052-1

около 1 года назад

Security update for postgresql, postgresql16, postgresql17

EPSS: Низкий

ROS-20241211-08

около 1 года назад

Множественные уязвимости postgresql15-1c

CVSS3: 8.8

EPSS: Низкий

ROS-20241211-07

около 1 года назад

Множественные уязвимости postgresql-1c

CVSS3: 8.8

EPSS: Низкий

ROS-20241211-06

около 1 года назад

Множественные уязвимости postgresql16

CVSS3: 8.8

EPSS: Низкий

ROS-20241211-05

около 1 года назад

Множественные уязвимости postgresql15

CVSS3: 8.8

EPSS: Низкий

ROS-20241211-04

около 1 года назад

Множественные уязвимости postgresql14

CVSS3: 8.8

EPSS: Низкий

ROS-20241211-03

около 1 года назад

Множественные уязвимости postgresql13

CVSS3: 8.8

EPSS: Низкий

ROS-20241211-02

около 1 года назад

Множественные уязвимости postgresql

CVSS3: 8.8

EPSS: Низкий

CVE-2024-10978

около 1 года назад

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

CVSS3: 4.2

EPSS: Низкий

CVE-2024-10978

около 1 года назад

CVSS3: 4.2

EPSS: Низкий

CVE-2024-10978

около 1 года назад

CVSS3: 4.2

EPSS: Низкий

CVE-2024-10978

около 1 года назад

PostgreSQL SET ROLE SET SESSION AUTHORIZATION reset to wrong user ID

CVSS3: 4.2

EPSS: Низкий

CVE-2024-10978

около 1 года назад

Incorrect privilege assignment in PostgreSQL allows a less-privileged ...

CVSS3: 4.2

EPSS: Низкий

GHSA-37v9-jh5m-f5pg

около 1 года назад

CVSS3: 4.2

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
SUSE-SU-2024:4099-1 Security update for postgresql12			около 1 года назад
SUSE-SU-2024:4098-1 Security update for postgresql15			около 1 года назад
SUSE-SU-2024:4097-1 Security update for postgresql12			около 1 года назад
SUSE-SU-2024:4096-1 Security update for postgresql14			около 1 года назад
SUSE-SU-2024:4095-1 Security update for postgresql15			около 1 года назад
SUSE-SU-2024:4063-1 Security update for postgresql, postgresql16, postgresql17			около 1 года назад
SUSE-SU-2024:4052-1 Security update for postgresql, postgresql16, postgresql17			около 1 года назад
ROS-20241211-08 Множественные уязвимости postgresql15-1c	CVSS3: 8.8		около 1 года назад
ROS-20241211-07 Множественные уязвимости postgresql-1c	CVSS3: 8.8		около 1 года назад
ROS-20241211-06 Множественные уязвимости postgresql16	CVSS3: 8.8		около 1 года назад
ROS-20241211-05 Множественные уязвимости postgresql15	CVSS3: 8.8		около 1 года назад
ROS-20241211-04 Множественные уязвимости postgresql14	CVSS3: 8.8		около 1 года назад
ROS-20241211-03 Множественные уязвимости postgresql13	CVSS3: 8.8		около 1 года назад
ROS-20241211-02 Множественные уязвимости postgresql	CVSS3: 8.8		около 1 года назад
CVE-2024-10978 Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.	CVSS3: 4.2	0% Низкий	около 1 года назад
CVE-2024-10978 Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.	CVSS3: 4.2	0% Низкий	около 1 года назад
CVE-2024-10978 Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.	CVSS3: 4.2	0% Низкий	около 1 года назад
CVE-2024-10978 PostgreSQL SET ROLE SET SESSION AUTHORIZATION reset to wrong user ID	CVSS3: 4.2	0% Низкий	около 1 года назад
CVE-2024-10978 Incorrect privilege assignment in PostgreSQL allows a less-privileged ...	CVSS3: 4.2	0% Низкий	около 1 года назад
GHSA-37v9-jh5m-f5pg Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.	CVSS3: 4.2	0% Низкий	около 1 года назад

Уязвимостей на страницу