exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 56

SUSE-SU-2024:4099-1

больше 1 года назад

Security update for postgresql12

EPSS: Низкий

SUSE-SU-2024:4098-1

больше 1 года назад

Security update for postgresql15

EPSS: Низкий

SUSE-SU-2024:4097-1

больше 1 года назад

Security update for postgresql12

EPSS: Низкий

SUSE-SU-2024:4096-1

больше 1 года назад

Security update for postgresql14

EPSS: Низкий

SUSE-SU-2024:4095-1

больше 1 года назад

Security update for postgresql15

EPSS: Низкий

SUSE-SU-2024:4063-1

больше 1 года назад

Security update for postgresql, postgresql16, postgresql17

EPSS: Низкий

SUSE-SU-2024:4052-1

больше 1 года назад

Security update for postgresql, postgresql16, postgresql17

EPSS: Низкий

ROS-20241211-08

больше 1 года назад

Множественные уязвимости postgresql15-1c

CVSS3: 8.8

EPSS: Низкий

ROS-20241211-07

больше 1 года назад

Множественные уязвимости postgresql-1c

CVSS3: 8.8

EPSS: Низкий

ROS-20241211-06

больше 1 года назад

Множественные уязвимости postgresql16

CVSS3: 8.8

EPSS: Низкий

ROS-20241211-05

больше 1 года назад

Множественные уязвимости postgresql15

CVSS3: 8.8

EPSS: Низкий

ROS-20241211-04

больше 1 года назад

Множественные уязвимости postgresql14

CVSS3: 8.8

EPSS: Низкий

ROS-20241211-03

больше 1 года назад

Множественные уязвимости postgresql13

CVSS3: 8.8

EPSS: Низкий

ROS-20241211-02

больше 1 года назад

Множественные уязвимости postgresql

CVSS3: 8.8

EPSS: Низкий

CVE-2024-10978

больше 1 года назад

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

CVSS3: 4.2

EPSS: Низкий

CVE-2024-10978

больше 1 года назад

CVSS3: 4.2

EPSS: Низкий

CVE-2024-10978

больше 1 года назад

CVSS3: 4.2

EPSS: Низкий

CVE-2024-10978

больше 1 года назад

PostgreSQL SET ROLE SET SESSION AUTHORIZATION reset to wrong user ID

CVSS3: 4.2

EPSS: Низкий

CVE-2024-10978

больше 1 года назад

Incorrect privilege assignment in PostgreSQL allows a less-privileged ...

CVSS3: 4.2

EPSS: Низкий

GHSA-37v9-jh5m-f5pg

больше 1 года назад

CVSS3: 4.2

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
SUSE-SU-2024:4099-1 Security update for postgresql12			больше 1 года назад
SUSE-SU-2024:4098-1 Security update for postgresql15			больше 1 года назад
SUSE-SU-2024:4097-1 Security update for postgresql12			больше 1 года назад
SUSE-SU-2024:4096-1 Security update for postgresql14			больше 1 года назад
SUSE-SU-2024:4095-1 Security update for postgresql15			больше 1 года назад
SUSE-SU-2024:4063-1 Security update for postgresql, postgresql16, postgresql17			больше 1 года назад
SUSE-SU-2024:4052-1 Security update for postgresql, postgresql16, postgresql17			больше 1 года назад
ROS-20241211-08 Множественные уязвимости postgresql15-1c	CVSS3: 8.8		больше 1 года назад
ROS-20241211-07 Множественные уязвимости postgresql-1c	CVSS3: 8.8		больше 1 года назад
ROS-20241211-06 Множественные уязвимости postgresql16	CVSS3: 8.8		больше 1 года назад
ROS-20241211-05 Множественные уязвимости postgresql15	CVSS3: 8.8		больше 1 года назад
ROS-20241211-04 Множественные уязвимости postgresql14	CVSS3: 8.8		больше 1 года назад
ROS-20241211-03 Множественные уязвимости postgresql13	CVSS3: 8.8		больше 1 года назад
ROS-20241211-02 Множественные уязвимости postgresql	CVSS3: 8.8		больше 1 года назад
CVE-2024-10978 Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.	CVSS3: 4.2	1% Низкий	больше 1 года назад
CVE-2024-10978 Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.	CVSS3: 4.2	1% Низкий	больше 1 года назад
CVE-2024-10978 Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.	CVSS3: 4.2	1% Низкий	больше 1 года назад
CVE-2024-10978 PostgreSQL SET ROLE SET SESSION AUTHORIZATION reset to wrong user ID	CVSS3: 4.2	1% Низкий	больше 1 года назад
CVE-2024-10978 Incorrect privilege assignment in PostgreSQL allows a less-privileged ...	CVSS3: 4.2	1% Низкий	больше 1 года назад
GHSA-37v9-jh5m-f5pg Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.	CVSS3: 4.2	1% Низкий	больше 1 года назад

Уязвимостей на страницу