Lucene search
K

101 matches found

CNNVD
CNNVD
added 2023/12/12 12:0 a.m.6 views

EnterpriseDB Postgres Advanced Server Security Vulnerability

EnterpriseDB Postgres Advanced Server EPAS is an application from EnterpriseDB, Inc. used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that originates from the inclusion of the publicly executable functions geturlastex...

6.5CVSS6.5AI score0.00589EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/12/12 12:0 a.m.29 views

CVE-2023-41119

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function dbmsaqmovetoexceptionqueue that may be used to elevate a user's privileges to superuser. This...

8.8CVSS8.8AI score0.00625EPSS
Exploits0References1
CVE
CVE
added 2023/12/12 12:0 a.m.39 views

CVE-2023-41120

CVE-2023-41120 affects EnterpriseDB Postgres Advanced Server (EPAS) and EDB Postgres Advanced Server variants. A flaw in DBMS_PROFILER allows an authenticated user to remove all accumulated profiling data on a system-wide basis, bypassing permissions. Affected versions include EPAS before 11.21.3...

6.5CVSS6.3AI score0.00526EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/12 12:0 a.m.41 views

CVE-2023-41118

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. Wh...

8.8AI score0.00772EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.7 views

EnterpriseDB Postgres Advanced Server Security Vulnerability

EnterpriseDB Postgres Advanced Server EPAS is an application from EnterpriseDB, Inc. used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that originates from allowing authenticated users to access certain information...

4.3CVSS6.6AI score0.00474EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.6 views

EnterpriseDB Postgres Advanced Server Security Vulnerability

EnterpriseDB Postgres Advanced Server EPAS is an application from EnterpriseDB, Inc. It is used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that originates from the inclusion of packages, standalone packages, and...

9.8CVSS6.8AI score0.00759EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/12/12 12:0 a.m.8 views

CVE-2023-41117

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against...

8.8CVSS6.8AI score0.00759EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/12 12:0 a.m.42 views

CVE-2023-41117

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against...

8.8CVSS9.6AI score0.00759EPSS
Exploits0References1
NVD
NVD
added 2023/04/23 8:15 p.m.24 views

CVE-2023-31043

EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...

7.5CVSS7.5AI score0.0043EPSS
Exploits0References5
Prion
Prion
added 2023/04/23 8:15 p.m.21 views

Code injection

EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...

5CVSS7.5AI score0.0043EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2023/04/23 12:0 a.m.42 views

CVE-2023-31043

EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 stores unredacted passwords in logs when optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, despite redaction being configured via edb_filter_log.redact_password_commands. Affected versions and fixed targets are: 10.x bef...

7.5CVSS7.5AI score0.0043EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2023/04/23 12:0 a.m.4 views

EnterpriseDB EDB Postgres Advanced Server 安全漏洞

EnterpriseDB EDB Postgres Advanced Server is the core database product for EDB from EnterpriseDB, Inc. A security vulnerability exists in EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 14.6.0, which stems from an unedited password being logged when the optional parameter is used...

7.5CVSS7.3AI score0.0043EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/04/23 12:0 a.m.25 views

CVE-2023-31043

EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...

7.7AI score0.0043EPSS
Exploits0References5
Cvelist
Cvelist
added 2021/03/19 7:15 p.m.47 views

CVE-2019-10128

A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a...

7.8AI score0.00428EPSS
Exploits1References3
CVE
CVE
added 2021/03/19 7:15 p.m.147 views

CVE-2019-10128

CVE-2019-10128 affects PostgreSQL 11.x before 11.3 (and earlier 10.x, 9.6.x, 9.5.x, 9.4.x) installed via EnterpriseDB/BigSQL Windows installers. Root cause: the Windows installer does not lock down ACLs on the binary installation directory or data directory, inheriting permissions. In the default...

7.8CVSS7.7AI score0.00428EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2021/03/19 7:15 p.m.46 views

CVE-2019-10128

Removed by vendor...

7.8CVSS6.8AI score0.00428EPSS
Exploits1
CNVD
CNVD
added 2019/08/12 12:0 a.m.16 views

Unspecified Vulnerability in PostgreSQL

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. A security vulnerability exists in the EnterpriseDB Windows install...

9.8CVSS7.5AI score0.01866EPSS
Exploits0References1
Kaspersky
Kaspersky
added 2019/08/08 12:0 a.m.82 views

KLA11539 Multiple vulnerabilities in PostgreSQL

Multiple vulnerabilities were found in PostgreSQL. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A vulnerability in PostgreSQL can be exploited to execute...

9.8CVSS8.3AI score0.0217EPSS
Exploits0References3
PostrgeSql
PostrgeSql
added 2019/08/08 12:0 a.m.148 views

Vulnerability in packaging (CVE-2019-10210)

Windows installer writes superuser password to unprotected temporary file The EnterpriseDB Windows installer writes a password to a temporary file in its installation directory, creates initial databases, and deletes the file. During those seconds while the file exists, a local attacker can read...

7CVSS6.5AI score0.00385EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2019/08/01 12:0 a.m.66 views

PostgreSQL 9.4.x < 9.4.22, 9.5.x < 9.5.17, 9.6.x < 9.6.13, 10.x < 10.8, 11.x < 11.3 Code Execution Vulnerability - Windows

PostgreSQL is prone to an arbitrary code execution vulnerability due to BigSQL and EnterpriseDB Windows installer not clearing permissive ACL entries. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respecti...

8.8CVSS8.5AI score0.00428EPSS
Exploits1References1
Rows per page
Query Builder