Lucene search
K

56 matches found

RedhatCVE
RedhatCVE
added 2026/06/30 8:15 p.m.7 views

CVE-2026-13455

A flaw was found in PostgreSQL Anonymizer. Unprivileged masked users can repeatedly call the anon.hash function to collect seed and hash output pairs. This allows an attacker to perform an offline brute-force attack to deduce the salt, potentially leading to information disclosure. Mitigation...

4.3CVSS5.6AI score0.00118EPSS
Exploits0References4
NVD
NVD
added 2026/06/30 4:16 p.m.8 views

CVE-2026-13455

PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash function and collects seed, hashoutput pairs to perform an offline brute-force attack and deduce the salt. The problem is resolved in PostgreSQL Anonymizer 3.1.2 and later version...

4.3CVSS0.00118EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 3:19 p.m.27 views

CVE-2026-13455

PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash function and collects seed, hashoutput pairs to perform an offline brute-force attack and deduce the salt. The problem is resolved in PostgreSQL Anonymizer 3.1.2 and later version...

4.3CVSS5.8AI score0.00118EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/30 3:19 p.m.34 views

CVE-2026-13455

PostgreSQL Anonymizer contains a vulnerability in the anon.hash() function where unprivileged masked users can repeatedly call anon.hash(), collecting (seed, hash_output) pairs to perform an offline brute-force attack and deduce the salt. Affected component: PostgreSQL Anonymizer. Root cause: exp...

4.3CVSS5.8AI score0.00118EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-53898

Name of the Vulnerable Software and Affected Versions PostgreSQL Anonymizer versions prior to 3.1.2 Description Unprivileged masked users can repeatedly call the anon.hash function to collect seed and hash output pairs. This allows for an offline brute-force attack to deduce the salt...

4.3CVSS5.9AI score0.00118EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/12 9:28 a.m.11 views

CVE-2026-11945

A flaw was found in PostgreSQL Anonymizer. A local user with privileges to create JSON documents can embed malicious code within a specific key-value pair. If a superuser subsequently invokes the importdatabaserules or importrolesrules functions, this malicious code will be executed with superuse...

7.5CVSS5.5AI score0.00247EPSS
Exploits1References2
NVD
NVD
added 2026/06/11 5:16 p.m.17 views

CVE-2026-11945

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the importdatabaserules or importrolesrules functions, the malicious code is executed with...

7.5CVSS0.00247EPSS
Exploits1References1
CVE
CVE
added 2026/06/11 3:53 p.m.26 views

CVE-2026-11945

CVE-2026-11945 affects PostgreSQL Anonymizer. A local user who can create JSON documents can embed malicious code in a specific key–value pair, which is executed with superuser privileges if a superuser invokes import_database_rules() or import_roles_rules(). This leads to privilege escalation/po...

7.5CVSS5.6AI score0.00247EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/06/11 3:53 p.m.9 views

EUVD-2026-36266

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the importdatabaserules or importrolesrules functions, the malicious code is executed with...

6.4CVSS5.5AI score0.00247EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.23 views

PT-2026-48676

Name of the Vulnerable Software and Affected Versions PostgreSQL Anonymizer versions prior to 3.1.1 Description An issue exists where a user can obtain superuser privileges by creating a JSON document containing malicious code within a specific key-value pair. This occurs when a superuser execute...

7.5CVSS5.5AI score0.00247EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

PostgreSQL Anonymizer SQL注入漏洞

PostgreSQL Anonymizer is an open-source extension developed by DALIBO in France, designed to mask or replace personally identifiable information PII or commercially sensitive data in PostgreSQL databases. PostgreSQL Anonymizer has a SQL injection vulnerability. This vulnerability arises from...

7.5CVSS5.7AI score0.00247EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.14 views

CVE-2026-9617

A flaw was found in PostgreSQL Anonymizer. A user with specific table creation privileges can exploit this vulnerability by embedding malicious code within a column identifier when creating a table. If a superuser subsequently invokes the k-anonymity function, the embedded malicious code is...

8.8CVSS5.3AI score0.0025EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/27 1:55 p.m.11 views

EUVD-2026-32504

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...

6.8CVSS5.9AI score0.0025EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/27 1:55 p.m.9 views

CVE-2026-9617 PostgreSQL Anonymizer: malicious column name allows SQL injection via anon.k_anonymity() function

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...

6.8CVSS5.9AI score0.0025EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

PostgreSQL Anonymizer 安全漏洞

PostgreSQL Anonymizer is an open-source extension developed by DALIBO in France, designed to mask or replace personally identifiable information PII or commercially sensitive data in PostgreSQL databases. PostgreSQL Anonymizer has a security vulnerability that stems from allowing users to obtain...

8.8CVSS6AI score0.0025EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.20 views

PT-2026-43992

Name of the Vulnerable Software and Affected Versions PostgreSQL Anonymizer versions prior to 3.1.0 Description An issue allows a user to obtain superuser privileges by creating a table and embedding malicious code within a column identifier. When a superuser invokes the k-anonymity function, the...

8.8CVSS5.9AI score0.0025EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/07 12:0 a.m.6 views

Fedora 44 : postgresql16-anonymizer (2026-1ace5758de)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1ace5758de advisory. Updated to newest version fixing CVEs found in the previous one Tenable has extracted the preceding description block directly from the Fedora...

8CVSS5.8AI score0.00291EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/02/12 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-2361

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing...

8CVSS5.7AI score0.00277EPSS
Exploits0References2
NVD
NVD
added 2026/02/11 6:16 p.m.9 views

CVE-2026-2361

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.gettablesampleratio function is then called, the malicious code is executed with superuser privileges. This...

8CVSS0.00277EPSS
Exploits0References2
OSV
OSV
added 2026/02/11 6:16 p.m.4 views

UBUNTU-CVE-2026-2361

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.gettablesampleratio function is then called, the malicious code is executed with superuser privileges. This...

8CVSS5.8AI score0.00277EPSS
Exploits0References3
Rows per page
Query Builder