140 matches found

CVE
added 2023/12/12 12:0 a.m., 33 views

CVE-2023-41113

CVE-2023-41113 (EPAS) is confirmed in multiple security bulletins as an information-disclosure vulnerability in EnterpriseDB Postgres Advanced Server. A remote authenticated attacker could enumerate the existence of files on disk and glean limited content information when a superuser configures f...

CVSS 4.3, AI score 4.3, EPSS 0.00474
Exploits 0, References 1, Affected Software 1

CVE
added 2023/12/12 12:0 a.m., 35 views

CVE-2023-41120

CVE-2023-41120 affects EnterpriseDB Postgres Advanced Server (EPAS) and EDB Postgres Advanced Server variants. A flaw in DBMS_PROFILER allows an authenticated user to remove all accumulated profiling data on a system-wide basis, bypassing permissions. Affected versions include EPAS before 11.21.3...

CVSS 6.5, AI score 6.3, EPSS 0.00526
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2023/12/12 12:0 a.m., 11 views

CVE-2023-41115

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTL_ENCODE, an authenticated user can read any large object, regardless of that user's permissions...

CVSS 6.5, AI score 6.7, EPSS 0.00589
Exploits 0, References 1

Cvelist
added 2023/12/12 12:0 a.m., 17 views

CVE-2023-41113

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to obtain information about whether certain files exist on disk, what errors if any occ...

CVSS 4.3, AI score 4.7, EPSS 0.00474
Exploits 0, References 1

Cvelist
added 2023/12/12 12:0 a.m., 13 views

CVE-2023-41116

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user's permissions...

CVSS 4.3, AI score 4.9, EPSS 0.00446
Exploits 0, References 1

Cvelist
added 2023/12/12 12:0 a.m., 15 views

CVE-2023-41117

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against...

CVSS 8.8, AI score 9.6, EPSS 0.00759
Exploits 0, References 1

Cvelist
added 2023/12/12 12:0 a.m., 18 views

CVE-2023-41119

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function _dbms_aq_move_to_exception_queue that may be used to elevate a user's privileges to superuser. This...

CVSS 8.8, AI score 8.8, EPSS 0.00625
Exploits 0, References 1

Cvelist
added 2023/12/12 12:0 a.m., 21 views

CVE-2023-41118

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. Wh...

AI score 8.8, EPSS 0.00772
Exploits 0, References 1

Positive Technologies
added 2023/12/12 12:0 a.m., 4 views

PT-2023-27800 · Enterprisedb · Enterprisedb Postgres Advanced Server

Name of the Vulnerable Software and Affected Versions: EnterpriseDB Postgres Advanced Server versions prior to 11.21.32 EnterpriseDB Postgres Advanced Server versions prior to 12.16.20 EnterpriseDB Postgres Advanced Server versions prior to 13.12.16 EnterpriseDB Postgres Advanced Server versions...

CVSS 9.8, AI score 9.3, EPSS 0.00759
Exploits 0, References 5

Positive Technologies
added 2023/12/12 12:0 a.m., 3 views

PT-2023-27802 · Enterprisedb · Enterprisedb Postgres Advanced Server

Name of the Vulnerable Software and Affected Versions: EnterpriseDB Postgres Advanced Server EPAS versions prior to 11.21.32 EnterpriseDB Postgres Advanced Server EPAS versions 12.x prior to 12.16.20 EnterpriseDB Postgres Advanced Server EPAS versions 13.x prior to 13.12.16 EnterpriseDB Postgres...

CVSS 8.8, AI score 8.6, EPSS 0.00625
Exploits 0, References 3

Positive Technologies
added 2023/12/12 12:0 a.m., 3 views

PT-2023-27804 · Enterprisedb · Enterprisedb Postgres Advanced Server

Name of the Vulnerable Software and Affected Versions: EnterpriseDB Postgres Advanced Server EPAS versions prior to 11.21.32 EnterpriseDB Postgres Advanced Server EPAS versions 12.x prior to 12.16.20 EnterpriseDB Postgres Advanced Server EPAS versions 13.x prior to 13.12.16 EnterpriseDB Postgres...

CVSS 6.5, AI score 6.3, EPSS 0.00526
Exploits 0, References 3

Positive Technologies
added 2023/12/12 12:0 a.m., 3 views

PT-2023-27801 · Enterprisedb · Enterprisedb Postgres Advanced Server

Name of the Vulnerable Software and Affected Versions: EnterpriseDB Postgres Advanced Server EPAS versions prior to 11.21.32 EnterpriseDB Postgres Advanced Server EPAS versions 12.x prior to 12.16.20 EnterpriseDB Postgres Advanced Server EPAS versions 13.x prior to 13.12.16 EnterpriseDB Postgres...

CVSS 8.8, AI score 8.6, EPSS 0.00772
Exploits 0, References 3

CNNVD
added 2023/12/12 12:0 a.m., 4 views

EnterpriseDB Postgres Advanced Server Security Vulnerability

EnterpriseDB Postgres Advanced Server EPAS is an application from EnterpriseDB, Inc. used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that originates from allowing an authenticated user to delete all accumulated...

CVSS 6.5, AI score 6.6, EPSS 0.00526
Exploits 0, References 2

Tenable Nessus
added 2023/06/13 12:0 a.m., 24 views

Okta Advanced Server Access Client 1.13.1 < 1.68.2 Command Injection

The version of Okta Advanced Server Access Client installed on the remote host is affected by a command injection vulnerability due to the third-party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issu...

CVSS 8.8, AI score 8, EPSS 0.01097
Exploits 0, References 2

Tenable Nessus
added 2023/06/13 12:0 a.m., 20 views

Okta Advanced Server Access Client < 1.57.0 Command Injection

The version of Okta Advanced Server Access Client installed on the remote host is affected by a command injection vulnerability via a specially crafted URL. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

CVSS 8.8, AI score 8.1, EPSS 0.17455
Exploits 0, References 2

Tenable Nessus
added 2023/06/13 12:0 a.m., 19 views

Okta Advanced Server Access Client < 1.58.0 Command Injection

The version of Okta Advanced Server Access Client installed on the remote host is affected by a command injection vulnerability via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execut...

CVSS 9.3, AI score 8.2, EPSS 0.01466
Exploits 0, References 2

Tenable Nessus
added 2023/06/08 12:0 a.m., 5 views

Okta Advanced Server Access Client Installed (Linux)

Binary data oktaadvancedserveraccessclientnixinstalled.nbin...

AI score 7.3
Exploits 0, References 1

Tenable Nessus
added 2023/05/31 12:0 a.m., 12 views

Okta Advanced Server Access Client Installed (macOS)

Binary data oktaadvancedserveraccessclientmacinstalled.nbin...

AI score 7.3
Exploits 0, References 1

Tenable Nessus
added 2023/05/31 12:0 a.m., 13 views

Okta Advanced Server Access Client Installed (Windows)

Binary data oktaadvancedserveraccessclientwininstalled.nbin...

AI score 7.3
Exploits 0, References 1

NVD
added 2023/04/23 8:15 p.m., 12 views

CVE-2023-31043

EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...

CVSS 7.5, AI score 7.5, EPSS 0.0043
Exploits 0, References 5