29 matches found
CVE-2023-41115
CVE-2023-41115 affects EnterpriseDB Postgres Advanced Server (EPAS). The issue arises in the UTL_ENCODE function: authenticated users can read large objects regardless of permissions due to improper permission validation. Affected EPAS/EDB versions include 11.x up to 15.x before the stated fixes ...
EnterpriseDB Postgres Advanced Server Security Vulnerability
EnterpriseDB Postgres Advanced Server EPAS is an application from EnterpriseDB, Inc. It is used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that originates from the inclusion of packages, standalone packages, and...
CVE-2023-41113
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to to obtain information about whether certain files exist on disk, what errors if any occ...
CVE-2023-41120
CVE-2023-41120 affects EnterpriseDB Postgres Advanced Server (EPAS) and EDB Postgres Advanced Server variants. A flaw in DBMS_PROFILER allows an authenticated user to remove all accumulated profiling data on a system-wide basis, bypassing permissions. Affected versions include EPAS before 11.21.3...
CVE-2023-41119
The CVE-2023-41119 issue affects EnterpriseDB Postgres Advanced Server (EPAS) due to the function _dbms_aq_move_to_exception_queue, which can be used to elevate a user’s privileges to superuser by operating on a table’s OID with superuser rights. Affected EPAS versions are: 11.x before 11.21.32; ...
EnterpriseDB Postgres Advanced Server Security Vulnerability
EnterpriseDB Postgres Advanced Server EPAS is an application from EnterpriseDB, Inc. used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that originates from the inclusion of the publicly executable functions geturlastex...
EnterpriseDB Postgres Advanced Server Security Vulnerability
EnterpriseDB Postgres Advanced Server EPAS is an application from EnterpriseDB, Inc. used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that originates from allowing authenticated users to access certain information...
PT-2023-23120 · Enterprisedb · Edb Postgres Advanced Server
Name of the Vulnerable Software and Affected Versions: EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 10.23.33 EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 11.18.29 EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 12.13.17 EnterpriseDB EDB...
Security Bulletin: EDB PostreSQL with IBM, EDB Postgres Advanced Server with IBM, IBM Data Management Platform (Enterprise, Standard) are vulnerable to an SQL Injection (CVE-2021-23214)
Summary EDB PostreSQL with IBM and EDB Postgres Advanced Server with IBM are vulnerable to an SQL Injection Vulnerability Details CVEID: CVE-2021-23214 DESCRIPTION: PostgreSQL is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements when the server is configur...