8 matches found
EUVD-2023-45635
Malicious code in bioql PyPI...
CVE-2023-41119
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function dbmsaqmovetoexceptionqueue that may be used to elevate a user's privileges to superuser. This...
CVE-2023-41114
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the functions geturlastext and geturlasbytea that are publicly executable, thus permitting an authenticated us...
Authorization
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. Wh...
Code injection
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMSPROFILER to remove all accumulated profiling data on a system-wide basis,...
CVE-2023-41119
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function dbmsaqmovetoexceptionqueue that may be used to elevate a user's privileges to superuser. This...
CVE-2023-41113
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to to obtain information about whether certain files exist on disk, what errors if any occ...
CVE-2023-41119
The CVE-2023-41119 issue affects EnterpriseDB Postgres Advanced Server (EPAS) due to the function _dbms_aq_move_to_exception_queue, which can be used to elevate a user’s privileges to superuser by operating on a table’s OID with superuser rights. Affected EPAS versions are: 11.x before 11.21.32; ...