Lucene search
K

92 matches found

RedhatCVE
RedhatCVE
added 2026/06/30 8:15 p.m.8 views

CVE-2026-13455

A flaw was found in PostgreSQL Anonymizer. Unprivileged masked users can repeatedly call the anon.hash function to collect seed and hash output pairs. This allows an attacker to perform an offline brute-force attack to deduce the salt, potentially leading to information disclosure. Mitigation...

4.3CVSS5.6AI score0.00118EPSS
Exploits0References4
NVD
NVD
added 2026/06/30 4:16 p.m.8 views

CVE-2026-13455

PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash function and collects seed, hashoutput pairs to perform an offline brute-force attack and deduce the salt. The problem is resolved in PostgreSQL Anonymizer 3.1.2 and later version...

4.3CVSS0.00118EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 3:19 p.m.35 views

CVE-2026-13455

PostgreSQL Anonymizer contains a vulnerability in the anon.hash() function where unprivileged masked users can repeatedly call anon.hash(), collecting (seed, hash_output) pairs to perform an offline brute-force attack and deduce the salt. Affected component: PostgreSQL Anonymizer. Root cause: exp...

4.3CVSS5.8AI score0.00118EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/30 3:19 p.m.2 views

CVE-2026-13455 PostgreSQL Anonymizer: Unrestricted function can leak the secret salt

PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash function and collects seed, hashoutput pairs to perform an offline brute-force attack and deduce the salt. The problem is resolved in PostgreSQL Anonymizer 3.1.2 and later version...

4.3CVSS6AI score0.00118EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/30 3:19 p.m.29 views

CVE-2026-13455

PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash function and collects seed, hashoutput pairs to perform an offline brute-force attack and deduce the salt. The problem is resolved in PostgreSQL Anonymizer 3.1.2 and later version...

4.3CVSS5.8AI score0.00118EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53898

Name of the Vulnerable Software and Affected Versions PostgreSQL Anonymizer versions prior to 3.1.2 Description Unprivileged masked users can repeatedly call the anon.hash function to collect seed and hash output pairs. This allows for an offline brute-force attack to deduce the salt...

4.3CVSS5.9AI score0.00118EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/12 9:28 a.m.12 views

CVE-2026-11945

A flaw was found in PostgreSQL Anonymizer. A local user with privileges to create JSON documents can embed malicious code within a specific key-value pair. If a superuser subsequently invokes the importdatabaserules or importrolesrules functions, this malicious code will be executed with superuse...

7.5CVSS5.5AI score0.00247EPSS
Exploits1References2
NVD
NVD
added 2026/06/11 5:16 p.m.17 views

CVE-2026-11945

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the importdatabaserules or importrolesrules functions, the malicious code is executed with...

7.5CVSS0.00247EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/11 3:53 p.m.37 views

CVE-2026-11945 PostgreSQL Anonymizer: SQL injection in the rules import functions

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the importdatabaserules or importrolesrules functions, the malicious code is executed with...

6.4CVSS0.00247EPSS
Exploits1References1
CVE
CVE
added 2026/06/11 3:53 p.m.26 views

CVE-2026-11945

CVE-2026-11945 affects PostgreSQL Anonymizer. A local user who can create JSON documents can embed malicious code in a specific key–value pair, which is executed with superuser privileges if a superuser invokes import_database_rules() or import_roles_rules(). This leads to privilege escalation/po...

7.5CVSS5.6AI score0.00247EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/11 3:53 p.m.9 views

CVE-2026-11945 PostgreSQL Anonymizer: SQL injection in the rules import functions

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the importdatabaserules or importrolesrules functions, the malicious code is executed with...

6.4CVSS5.5AI score0.00247EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/11 3:53 p.m.9 views

EUVD-2026-36266

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the importdatabaserules or importrolesrules functions, the malicious code is executed with...

6.4CVSS5.5AI score0.00247EPSS
Exploits1References1
OSV
OSV
added 2026/06/11 3:53 p.m.2 views

CVE-2026-11945 PostgreSQL Anonymizer: SQL injection in the rules import functions

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the importdatabaserules or importrolesrules functions, the malicious code is executed with...

6.4CVSS6AI score0.00247EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.23 views

PT-2026-48676

Name of the Vulnerable Software and Affected Versions PostgreSQL Anonymizer versions prior to 3.1.1 Description An issue exists where a user can obtain superuser privileges by creating a JSON document containing malicious code within a specific key-value pair. This occurs when a superuser execute...

7.5CVSS5.5AI score0.00247EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

PostgreSQL Anonymizer SQL注入漏洞

PostgreSQL Anonymizer is an open-source extension developed by DALIBO in France, designed to mask or replace personally identifiable information PII or commercially sensitive data in PostgreSQL databases. PostgreSQL Anonymizer has a SQL injection vulnerability. This vulnerability arises from...

7.5CVSS5.7AI score0.00247EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.14 views

CVE-2026-9617

A flaw was found in PostgreSQL Anonymizer. A user with specific table creation privileges can exploit this vulnerability by embedding malicious code within a column identifier when creating a table. If a superuser subsequently invokes the k-anonymity function, the embedded malicious code is...

8.8CVSS5.3AI score0.0025EPSS
Exploits1References2
NVD
NVD
added 2026/05/27 2:17 p.m.21 views

CVE-2026-9617

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...

8.8CVSS0.0025EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/27 1:55 p.m.48 views

CVE-2026-9617 PostgreSQL Anonymizer: malicious column name allows SQL injection via anon.k_anonymity() function

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...

6.8CVSS0.0025EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 1:55 p.m.10 views

CVE-2026-9617

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...

6.8CVSS5.9AI score0.0025EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/05/27 1:55 p.m.11 views

EUVD-2026-32504

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...

6.8CVSS5.9AI score0.0025EPSS
Exploits1References1
Rows per page
Query Builder