Логотип exploitDog
bind:"BDU:2024-09681" OR bind:"CVE-2024-10978"
Консоль
Логотип exploitDog

exploitDog

bind:"BDU:2024-09681" OR bind:"CVE-2024-10978"
Поиск уязвимостей по источнику БДУ ФСТЭК

БДУ ФСТЭК

Поиск уязвимостей по источнику Microsoft MSRC

Microsoft MSRC

Поиск уязвимостей по источнику NVD

NVD

Поиск уязвимостей по источнику Oracle ELSA

Oracle ELSA

Поиск уязвимостей по источнику Red Hat CVE

Red Hat CVE

Поиск уязвимостей по источнику РЕД ОС

РЕД ОС

Поиск уязвимостей по источнику Rocky RLSA

Rocky RLSA

Поиск уязвимостей по источнику SUSE CVRF

SUSE CVRF

Поиск уязвимостей по источнику Ubuntu

Ubuntu

Поиск уязвимостей по источнику Debian

Debian

Поиск уязвимостей по источнику Github

Github

Количество 41

Количество 41

fstec логотип

BDU:2024-09681

около 1 года назад

Уязвимость команд SET ROLE, SET SESSION системы управления базами данных PostgreSQL, позволяющая нарушителю повысить свои привилегии и получить доступ к защищаемой информации

CVSS3: 4.2
EPSS: Низкий
redos логотип

ROS-20241211-08

около 1 года назад

Множественные уязвимости postgresql15-1c

CVSS3: 8.8
EPSS: Низкий
redos логотип

ROS-20241211-07

около 1 года назад

Множественные уязвимости postgresql-1c

CVSS3: 8.8
EPSS: Низкий
redos логотип

ROS-20241211-06

около 1 года назад

Множественные уязвимости postgresql16

CVSS3: 8.8
EPSS: Низкий
redos логотип

ROS-20241211-05

около 1 года назад

Множественные уязвимости postgresql15

CVSS3: 8.8
EPSS: Низкий
redos логотип

ROS-20241211-04

около 1 года назад

Множественные уязвимости postgresql14

CVSS3: 8.8
EPSS: Низкий
redos логотип

ROS-20241211-03

около 1 года назад

Множественные уязвимости postgresql13

CVSS3: 8.8
EPSS: Низкий
redos логотип

ROS-20241211-02

около 1 года назад

Множественные уязвимости postgresql

CVSS3: 8.8
EPSS: Низкий
ubuntu логотип

CVE-2024-10978

около 1 года назад

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

CVSS3: 4.2
EPSS: Низкий
redhat логотип

CVE-2024-10978

около 1 года назад

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

CVSS3: 4.2
EPSS: Низкий
nvd логотип

CVE-2024-10978

около 1 года назад

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

CVSS3: 4.2
EPSS: Низкий
msrc логотип

CVE-2024-10978

около 1 года назад

PostgreSQL SET ROLE SET SESSION AUTHORIZATION reset to wrong user ID

CVSS3: 4.2
EPSS: Низкий
debian логотип

CVE-2024-10978

около 1 года назад

Incorrect privilege assignment in PostgreSQL allows a less-privileged ...

CVSS3: 4.2
EPSS: Низкий
github логотип

GHSA-37v9-jh5m-f5pg

около 1 года назад

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

CVSS3: 4.2
EPSS: Низкий
rocky логотип

RLSA-2024:10832

около 1 года назад

Important: postgresql:13 security update

EPSS: Низкий
rocky логотип

RLSA-2024:10831

около 1 года назад

Important: postgresql:16 security update

EPSS: Низкий
rocky логотип

RLSA-2024:10830

около 1 года назад

Important: postgresql:15 security update

EPSS: Низкий
rocky логотип

RLSA-2024:10788

около 1 года назад

Important: postgresql:16 security update

EPSS: Низкий
rocky логотип

RLSA-2024:10787

около 1 года назад

Important: postgresql:15 security update

EPSS: Низкий
rocky логотип

RLSA-2024:10785

около 1 года назад

Important: postgresql:12 security update

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
fstec логотип
BDU:2024-09681

Уязвимость команд SET ROLE, SET SESSION системы управления базами данных PostgreSQL, позволяющая нарушителю повысить свои привилегии и получить доступ к защищаемой информации

CVSS3: 4.2
0%
Низкий
около 1 года назад
redos логотип
ROS-20241211-08

Множественные уязвимости postgresql15-1c

CVSS3: 8.8
около 1 года назад
redos логотип
ROS-20241211-07

Множественные уязвимости postgresql-1c

CVSS3: 8.8
около 1 года назад
redos логотип
ROS-20241211-06

Множественные уязвимости postgresql16

CVSS3: 8.8
около 1 года назад
redos логотип
ROS-20241211-05

Множественные уязвимости postgresql15

CVSS3: 8.8
около 1 года назад
redos логотип
ROS-20241211-04

Множественные уязвимости postgresql14

CVSS3: 8.8
около 1 года назад
redos логотип
ROS-20241211-03

Множественные уязвимости postgresql13

CVSS3: 8.8
около 1 года назад
redos логотип
ROS-20241211-02

Множественные уязвимости postgresql

CVSS3: 8.8
около 1 года назад
ubuntu логотип
CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

CVSS3: 4.2
0%
Низкий
около 1 года назад
redhat логотип
CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

CVSS3: 4.2
0%
Низкий
около 1 года назад
nvd логотип
CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

CVSS3: 4.2
0%
Низкий
около 1 года назад
msrc логотип
CVE-2024-10978

PostgreSQL SET ROLE SET SESSION AUTHORIZATION reset to wrong user ID

CVSS3: 4.2
0%
Низкий
около 1 года назад
debian логотип
CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged ...

CVSS3: 4.2
0%
Низкий
около 1 года назад
github логотип
GHSA-37v9-jh5m-f5pg

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

CVSS3: 4.2
0%
Низкий
около 1 года назад
rocky логотип
RLSA-2024:10832

Important: postgresql:13 security update

около 1 года назад
rocky логотип
RLSA-2024:10831

Important: postgresql:16 security update

около 1 года назад
rocky логотип
RLSA-2024:10830

Important: postgresql:15 security update

около 1 года назад
rocky логотип
RLSA-2024:10788

Important: postgresql:16 security update

около 1 года назад
rocky логотип
RLSA-2024:10787

Important: postgresql:15 security update

около 1 года назад
rocky логотип
RLSA-2024:10785

Important: postgresql:12 security update

около 1 года назад

Уязвимостей на страницу