1152 matches found
CVE-2023-41116
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user's permissions...
EnterpriseDB Postgres Advanced Server Security Vulnerability
EnterpriseDB Postgres Advanced Server EPAS is an application from EnterpriseDB, Inc. used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that originates from allowing authenticated users to bypass authorization...
PT-2023-27800 · Enterprisedb · Enterprisedb Postgres Advanced Server
Name of the Vulnerable Software and Affected Versions: EnterpriseDB Postgres Advanced Server versions prior to 11.21.32 EnterpriseDB Postgres Advanced Server versions prior to 12.16.20 EnterpriseDB Postgres Advanced Server versions prior to 13.12.16 EnterpriseDB Postgres Advanced Server versions...
PT-2023-27802 · Enterprisedb · Enterprisedb Postgres Advanced Server
Name of the Vulnerable Software and Affected Versions: EnterpriseDB Postgres Advanced Server EPAS versions prior to 11.21.32 EnterpriseDB Postgres Advanced Server EPAS versions 12.x prior to 12.16.20 EnterpriseDB Postgres Advanced Server EPAS versions 13.x prior to 13.12.16 EnterpriseDB Postgres...
CVE-2023-41113
CVE-2023-41113 (EPAS) is confirmed in multiple security bulletins as an information-disclosure vulnerability in EnterpriseDB Postgres Advanced Server. A remote authenticated attacker could enumerate the existence of files on disk and glean limited content information when a superuser configures f...
CVE-2023-41114
CVE-2023-41114 affects EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.x prior to 12.16.20, 13.x prior to 13.12.16, 14.x prior to 14.9.0, and 15.x prior to 15.4.0. The vulnerability stems from publicly executable functions get_url_as_text and get_url_as_bytea, enabling an authe...
CVE-2023-41116
CVE-2023-41116 affects EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. An authenticated user can refresh any materialized view, bypassing permissions due to improper permission validation when us...
CVE-2023-41119
The CVE-2023-41119 issue affects EnterpriseDB Postgres Advanced Server (EPAS) due to the function _dbms_aq_move_to_exception_queue, which can be used to elevate a user’s privileges to superuser by operating on a table’s OID with superuser rights. Affected EPAS versions are: 11.x before 11.21.32; ...
CVE-2023-41115
CVE-2023-41115 affects EnterpriseDB Postgres Advanced Server (EPAS). The issue arises in the UTL_ENCODE function: authenticated users can read large objects regardless of permissions due to improper permission validation. Affected EPAS/EDB versions include 11.x up to 15.x before the stated fixes ...
CVE-2023-41119
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function dbmsaqmovetoexceptionqueue that may be used to elevate a user's privileges to superuser. This...
CVE-2023-41117
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against...
EnterpriseDB Postgres Advanced Server Security Vulnerability
EnterpriseDB Postgres Advanced Server EPAS is an application from EnterpriseDB, Inc. It is used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that originates from the inclusion of packages, standalone packages, and...
CVE-2023-41115
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTLENCODE, an authenticated user can read any large object, regardless of that user's permissions...
CVE-2023-41120
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMSPROFILER to remove all accumulated profiling data on a system-wide basis,...
CVE-2023-41118
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. Wh...
CVE-2023-41120
CVE-2023-41120 affects EnterpriseDB Postgres Advanced Server (EPAS) and EDB Postgres Advanced Server variants. A flaw in DBMS_PROFILER allows an authenticated user to remove all accumulated profiling data on a system-wide basis, bypassing permissions. Affected versions include EPAS before 11.21.3...
CVE-2023-41117
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against...
postgresql:13 security update
An update is available for pgrepack, module.pgaudit, postgres-decoderbufs, module.pgrepack, module.postgres-decoderbufs, pgaudit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
postgresql:13 security update
pgaudit pgrepack postgres-decoderbufs postgresql 13.13-1.0.1 - Fixed postgresql port binding issue during bootup Orabug: 35103668 13.13-1 - Update to 13.13 - Fixes: CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 CVE-2023-39417 - Resolves: RHEL-16085 RHEL-16123...
piccolo SQL Injection via named transaction savepoints
Summary The handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection as user provided input is passed directly to connection.execute... via f-strings. Details An excerpt of the Postgres savepoint handling: python async def savepointself, name:...