EnterpriseDB Hybrid Manager - LTS 安全漏洞

EnterpriseDB Hybrid Manager - LTS is a hybrid cloud management software from EnterpriseDB, Inc. A security vulnerability exists in EnterpriseDB Hybrid Manager - LTS that originates from unauthorized access to a gRPC endpoint and could result in a data disclosure or denial of service...

EUVD-2023-45634

Malicious code in bioql PyPI...

EUVD-2023-45639

Malicious code in bioql PyPI...

EUVD-2023-45633

Malicious code in bioql PyPI...

EUVD-2023-45638

Malicious code in bioql PyPI...

EUVD-2023-45635

Malicious code in bioql PyPI...

EUVD-2023-45632

Malicious code in bioql PyPI...

EUVD-2023-45636

Malicious code in bioql PyPI...

EUVD-2023-35380

Malicious code in bioql PyPI...

EUVD-2024-44157

Malicious code in bioql PyPI...

CVE-2023-41113

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to to obtain information about whether certain files exist on disk, what errors if any occ...

CVE-2023-41120

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMSPROFILER to remove all accumulated profiling data on a system-wide basis,...

CVE-2023-41118

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. Wh...

CVE-2023-41119

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function dbmsaqmovetoexceptionqueue that may be used to elevate a user's privileges to superuser. This...

CVE-2023-41114

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the functions geturlastext and geturlasbytea that are publicly executable, thus permitting an authenticated us...

CVE-2023-41116

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user's permissions...

CVE-2023-41117

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against...

CVE-2023-41115

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTLENCODE, an authenticated user can read any large object, regardless of that user's permissions...

RHSA-2007:0895 Red Hat Security Advisory: EnterpriseDB security update

Bulletin has no description...

CVE-2024-4545

All versions of EnterpriseDB Postgres Advanced Server EPAS from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pgreadserverfiles. This could allow low privilege users to read files to which they would not otherwise have access...