Lucene search
K

101 matches found

Prion
Prion
added 2023/12/12 7:15 a.m.15 views

Code injection

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user's permissions...

4CVSS6.9AI score0.00446EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/12 7:15 a.m.19 views

Code injection

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMSPROFILER to remove all accumulated profiling data on a system-wide basis,...

4CVSS6.9AI score0.00526EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/12 7:15 a.m.27 views

Authorization

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. Wh...

6.5CVSS7AI score0.00772EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.8 views

EnterpriseDB Postgres Advanced Server Security Vulnerability

EnterpriseDB Postgres Advanced Server EPAS is an application from EnterpriseDB, Inc. used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that stems from the fact that an authenticated user can read any large object when...

6.5CVSS6.6AI score0.00589EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.6 views

EnterpriseDB Postgres Advanced Server Security Vulnerability

EnterpriseDB Postgres Advanced Server EPAS is an application from EnterpriseDB, Inc. used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that originates from allowing authenticated users to access certain information...

4.3CVSS6.6AI score0.00474EPSS
Exploits0References2
CVE
CVE
added 2023/12/12 12:0 a.m.37 views

CVE-2023-41118

CVE-2023-41118 affects EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.x prior to 12.16.20, 13.x prior to 13.12.16, 14.x prior to 14.9.0, and 15.x prior to 15.4.0. An authenticated user can bypass authorization when a superuser has configured file locations with CREATE DIRECTOR...

8.8CVSS8.4AI score0.00772EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/12 12:0 a.m.6 views

PT-2023-27802 · Enterprisedb · Enterprisedb Postgres Advanced Server

Name of the Vulnerable Software and Affected Versions: EnterpriseDB Postgres Advanced Server EPAS versions prior to 11.21.32 EnterpriseDB Postgres Advanced Server EPAS versions 12.x prior to 12.16.20 EnterpriseDB Postgres Advanced Server EPAS versions 13.x prior to 13.12.16 EnterpriseDB Postgres...

8.8CVSS8.6AI score0.00625EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/12/12 12:0 a.m.15 views

CVE-2023-41115

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTLENCODE, an authenticated user can read any large object, regardless of that user's permissions...

6.5CVSS6.7AI score0.00589EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.5 views

EnterpriseDB Postgres Advanced Server Security Vulnerability

EnterpriseDB Postgres Advanced Server EPAS is an application from EnterpriseDB, Inc. used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that stems from the inclusion of the function dbmsaqmovetoexceptionqueue, which can...

8.8CVSS6.8AI score0.00625EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/12/12 12:0 a.m.25 views

CVE-2023-41114

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the functions geturlastext and geturlasbytea that are publicly executable, thus permitting an authenticated us...

6.5CVSS6.5AI score0.00589EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/12 12:0 a.m.41 views

CVE-2023-41115

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTLENCODE, an authenticated user can read any large object, regardless of that user's permissions...

6.5CVSS6.6AI score0.00589EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/12 12:0 a.m.6 views

PT-2023-27804 · Enterprisedb · Enterprisedb Postgres Advanced Server

Name of the Vulnerable Software and Affected Versions: EnterpriseDB Postgres Advanced Server EPAS versions prior to 11.21.32 EnterpriseDB Postgres Advanced Server EPAS versions 12.x prior to 12.16.20 EnterpriseDB Postgres Advanced Server EPAS versions 13.x prior to 13.12.16 EnterpriseDB Postgres...

6.5CVSS6.3AI score0.00526EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/12/12 12:0 a.m.28 views

CVE-2023-41113

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to to obtain information about whether certain files exist on disk, what errors if any occ...

4.3CVSS4.7AI score0.00474EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/12 12:0 a.m.34 views

CVE-2023-41120

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMSPROFILER to remove all accumulated profiling data on a system-wide basis,...

6.5CVSS6.6AI score0.00526EPSS
Exploits0References1
CVE
CVE
added 2023/12/12 12:0 a.m.33 views

CVE-2023-41119

The CVE-2023-41119 issue affects EnterpriseDB Postgres Advanced Server (EPAS) due to the function _dbms_aq_move_to_exception_queue, which can be used to elevate a user’s privileges to superuser by operating on a table’s OID with superuser rights. Affected EPAS versions are: 11.x before 11.21.32; ...

8.8CVSS8.5AI score0.00625EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/12/12 12:0 a.m.35 views

CVE-2023-41114

CVE-2023-41114 affects EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.x prior to 12.16.20, 13.x prior to 13.12.16, 14.x prior to 14.9.0, and 15.x prior to 15.4.0. The vulnerability stems from publicly executable functions get_url_as_text and get_url_as_bytea, enabling an authe...

6.5CVSS6.3AI score0.00589EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/12/12 12:0 a.m.35 views

CVE-2023-41113

CVE-2023-41113 (EPAS) is confirmed in multiple security bulletins as an information-disclosure vulnerability in EnterpriseDB Postgres Advanced Server. A remote authenticated attacker could enumerate the existence of files on disk and glean limited content information when a superuser configures f...

4.3CVSS4.3AI score0.00474EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/12 12:0 a.m.23 views

CVE-2023-41116

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user's permissions...

4.3CVSS4.9AI score0.00446EPSS
Exploits0References1
CVE
CVE
added 2023/12/12 12:0 a.m.37 views

CVE-2023-41115

CVE-2023-41115 affects EnterpriseDB Postgres Advanced Server (EPAS). The issue arises in the UTL_ENCODE function: authenticated users can read large objects regardless of permissions due to improper permission validation. Affected EPAS/EDB versions include 11.x up to 15.x before the stated fixes ...

6.5CVSS6.3AI score0.00589EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.4 views

EnterpriseDB Postgres Advanced Server Security Vulnerability

EnterpriseDB Postgres Advanced Server EPAS is an application from EnterpriseDB, Inc. used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that originates from allowing an authenticated user to refresh any materialized vie...

4.3CVSS6.7AI score0.00446EPSS
Exploits0References2
Rows per page
Query Builder