Alexander Lakhin

#10551of 53,639
26.3Total CVSS
Vulnerabilities · 3
High
3
PT-2023-3148
8.3
2023-05-10
Unknown · Postgresql · CVE-2023-2454
**Name of the Vulnerable Software and Affected Versions** PostgreSQL (affected versions not specified) **Description** The issue is related to a component of the PostgreSQL database management system, specifically the Schema Handler, which has inadequate access control. This can allow a remote attacker with elevated database-level privileges to execute arbitrary code by exploiting the `schema element` that defeats protective `search path` changes. The exploitation can be done using the `CREATE SCHEMA` command. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-2514
9.0
2022-05-11
Unknown · Postgresql · CVE-2022-1552
**Name of the Vulnerable Software and Affected Versions** PostgreSQL (affected versions not specified) **Description** A flaw was found in PostgreSQL related to incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg amcheck commands activated relevant protections too late or not at all during the process. This issue allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2019-2540
9.0
2019-06-19
Postgresql · Postgresql · CVE-2019-10164
**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions 10.x through 10.8 PostgreSQL versions 11.x through 11.3 **Description** The issue is caused by a stack-based buffer overflow in the PostgreSQL database management system. This can be exploited by an authenticated user changing their own password to a specially crafted value, potentially allowing the execution of arbitrary code as the PostgreSQL operating system account. **Recommendations** For PostgreSQL versions 10.x through 10.8, update to version 10.9 or later. For PostgreSQL versions 11.x through 11.3, update to version 11.4 or later. As a temporary workaround, consider restricting password changes for users until a patch is applied.