92 matches found
CVE-2026-13455
A flaw was found in PostgreSQL Anonymizer. Unprivileged masked users can repeatedly call the anon.hash function to collect seed and hash output pairs. This allows an attacker to perform an offline brute-force attack to deduce the salt, potentially leading to information disclosure. Mitigation...
CVE-2026-13455
PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash function and collects seed, hashoutput pairs to perform an offline brute-force attack and deduce the salt. The problem is resolved in PostgreSQL Anonymizer 3.1.2 and later version...
CVE-2026-13455
PostgreSQL Anonymizer contains a vulnerability in the anon.hash() function where unprivileged masked users can repeatedly call anon.hash(), collecting (seed, hash_output) pairs to perform an offline brute-force attack and deduce the salt. Affected component: PostgreSQL Anonymizer. Root cause: exp...
CVE-2026-13455 PostgreSQL Anonymizer: Unrestricted function can leak the secret salt
PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash function and collects seed, hashoutput pairs to perform an offline brute-force attack and deduce the salt. The problem is resolved in PostgreSQL Anonymizer 3.1.2 and later version...
CVE-2026-13455
PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash function and collects seed, hashoutput pairs to perform an offline brute-force attack and deduce the salt. The problem is resolved in PostgreSQL Anonymizer 3.1.2 and later version...
PT-2026-53898
Name of the Vulnerable Software and Affected Versions PostgreSQL Anonymizer versions prior to 3.1.2 Description Unprivileged masked users can repeatedly call the anon.hash function to collect seed and hash output pairs. This allows for an offline brute-force attack to deduce the salt...
CVE-2026-11945
A flaw was found in PostgreSQL Anonymizer. A local user with privileges to create JSON documents can embed malicious code within a specific key-value pair. If a superuser subsequently invokes the importdatabaserules or importrolesrules functions, this malicious code will be executed with superuse...
CVE-2026-11945
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the importdatabaserules or importrolesrules functions, the malicious code is executed with...
CVE-2026-11945 PostgreSQL Anonymizer: SQL injection in the rules import functions
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the importdatabaserules or importrolesrules functions, the malicious code is executed with...
CVE-2026-11945
CVE-2026-11945 affects PostgreSQL Anonymizer. A local user who can create JSON documents can embed malicious code in a specific key–value pair, which is executed with superuser privileges if a superuser invokes import_database_rules() or import_roles_rules(). This leads to privilege escalation/po...
CVE-2026-11945 PostgreSQL Anonymizer: SQL injection in the rules import functions
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the importdatabaserules or importrolesrules functions, the malicious code is executed with...
EUVD-2026-36266
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the importdatabaserules or importrolesrules functions, the malicious code is executed with...
CVE-2026-11945 PostgreSQL Anonymizer: SQL injection in the rules import functions
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the importdatabaserules or importrolesrules functions, the malicious code is executed with...
PT-2026-48676
Name of the Vulnerable Software and Affected Versions PostgreSQL Anonymizer versions prior to 3.1.1 Description An issue exists where a user can obtain superuser privileges by creating a JSON document containing malicious code within a specific key-value pair. This occurs when a superuser execute...
PostgreSQL Anonymizer SQL注入漏洞
PostgreSQL Anonymizer is an open-source extension developed by DALIBO in France, designed to mask or replace personally identifiable information PII or commercially sensitive data in PostgreSQL databases. PostgreSQL Anonymizer has a SQL injection vulnerability. This vulnerability arises from...
CVE-2026-9617
A flaw was found in PostgreSQL Anonymizer. A user with specific table creation privileges can exploit this vulnerability by embedding malicious code within a column identifier when creating a table. If a superuser subsequently invokes the k-anonymity function, the embedded malicious code is...
CVE-2026-9617
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...
CVE-2026-9617 PostgreSQL Anonymizer: malicious column name allows SQL injection via anon.k_anonymity() function
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...
CVE-2026-9617
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...
EUVD-2026-32504
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...