Lucene search
K

37 matches found

NVD
NVD
added 2023/12/12 7:15 a.m.25 views

CVE-2023-41114

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the functions geturlastext and geturlasbytea that are publicly executable, thus permitting an authenticated us...

6.5CVSS0.00589EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/12/12 7:15 a.m.5 views

CVE-2023-41113

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to to obtain information about whether certain files exist on disk, what errors if any occ...

4.3CVSS5.8AI score0.00474EPSS
Exploits0References2
OSV
OSV
added 2023/12/12 7:15 a.m.5 views

CVE-2023-41113

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to to obtain information about whether certain files exist on disk, what errors if any occ...

4.3CVSS5.8AI score0.00474EPSS
Exploits0References1
Prion
Prion
added 2023/12/12 7:15 a.m.20 views

Command injection

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function dbmsaqmovetoexceptionqueue that may be used to elevate a user's privileges to superuser. This...

6.5CVSS7.1AI score0.00625EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/12 7:15 a.m.18 views

Code injection

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMSPROFILER to remove all accumulated profiling data on a system-wide basis,...

4CVSS6.9AI score0.00526EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/12 7:15 a.m.26 views

Authorization

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. Wh...

6.5CVSS7AI score0.00772EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.8 views

EnterpriseDB Postgres Advanced Server Security Vulnerability

EnterpriseDB Postgres Advanced Server EPAS is an application from EnterpriseDB, Inc. used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that stems from the fact that an authenticated user can read any large object when...

6.5CVSS6.6AI score0.00589EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/12 12:0 a.m.6 views

PT-2023-27802 · Enterprisedb · Enterprisedb Postgres Advanced Server

Name of the Vulnerable Software and Affected Versions: EnterpriseDB Postgres Advanced Server EPAS versions prior to 11.21.32 EnterpriseDB Postgres Advanced Server EPAS versions 12.x prior to 12.16.20 EnterpriseDB Postgres Advanced Server EPAS versions 13.x prior to 13.12.16 EnterpriseDB Postgres...

8.8CVSS8.6AI score0.00625EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/12/12 12:0 a.m.28 views

CVE-2023-41119

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function dbmsaqmovetoexceptionqueue that may be used to elevate a user's privileges to superuser. This...

8.8CVSS8.8AI score0.00625EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/12 12:0 a.m.41 views

CVE-2023-41115

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTLENCODE, an authenticated user can read any large object, regardless of that user's permissions...

6.5CVSS6.6AI score0.00589EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/12/12 12:0 a.m.8 views

CVE-2023-41117

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against...

8.8CVSS6.8AI score0.00759EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/12 12:0 a.m.28 views

CVE-2023-41113

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to to obtain information about whether certain files exist on disk, what errors if any occ...

4.3CVSS4.7AI score0.00474EPSS
Exploits0References1
CVE
CVE
added 2023/12/12 12:0 a.m.33 views

CVE-2023-41119

The CVE-2023-41119 issue affects EnterpriseDB Postgres Advanced Server (EPAS) due to the function _dbms_aq_move_to_exception_queue, which can be used to elevate a user’s privileges to superuser by operating on a table’s OID with superuser rights. Affected EPAS versions are: 11.x before 11.21.32; ...

8.8CVSS8.5AI score0.00625EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.4 views

EnterpriseDB Postgres Advanced Server Security Vulnerability

EnterpriseDB Postgres Advanced Server EPAS is an application from EnterpriseDB, Inc. used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that originates from allowing an authenticated user to refresh any materialized vie...

4.3CVSS6.7AI score0.00446EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.6 views

EnterpriseDB Postgres Advanced Server Security Vulnerability

EnterpriseDB Postgres Advanced Server EPAS is an application from EnterpriseDB, Inc. used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that originates from the inclusion of the publicly executable functions geturlastex...

6.5CVSS6.5AI score0.00589EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/23 12:0 a.m.4 views

EnterpriseDB EDB Postgres Advanced Server 安全漏洞

EnterpriseDB EDB Postgres Advanced Server is the core database product for EDB from EnterpriseDB, Inc. A security vulnerability exists in EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 14.6.0, which stems from an unedited password being logged when the optional parameter is used...

7.5CVSS7.3AI score0.0043EPSS
Exploits0References6
Saint
Saint
added 2011/03/21 12:0 a.m.48 views

EnterpriseDB PostgreSQL Plus Advanced Server DBA Management Server Authentication Bypass

Added: 03/21/2011 BID: 46662 Background Postgres Plus Advanced Server is an enterprise database solution. It includes several productivity tools, such as Migration Studio, Postgres Studio, DBA Management Server, and DBA Monitoring Console. Problem An authentication bypass vulnerability exists in...

7.4AI score
Exploits0
Rows per page
Query Builder