101 matches found
EnterpriseDB Postgres Advanced Server Security Vulnerability
EnterpriseDB Postgres Advanced Server EPAS is an application from EnterpriseDB, Inc. used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that originates from the inclusion of the publicly executable functions geturlastex...
CVE-2023-41119
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function dbmsaqmovetoexceptionqueue that may be used to elevate a user's privileges to superuser. This...
CVE-2023-41120
CVE-2023-41120 affects EnterpriseDB Postgres Advanced Server (EPAS) and EDB Postgres Advanced Server variants. A flaw in DBMS_PROFILER allows an authenticated user to remove all accumulated profiling data on a system-wide basis, bypassing permissions. Affected versions include EPAS before 11.21.3...
CVE-2023-41118
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. Wh...
EnterpriseDB Postgres Advanced Server Security Vulnerability
EnterpriseDB Postgres Advanced Server EPAS is an application from EnterpriseDB, Inc. used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that originates from allowing authenticated users to access certain information...
EnterpriseDB Postgres Advanced Server Security Vulnerability
EnterpriseDB Postgres Advanced Server EPAS is an application from EnterpriseDB, Inc. It is used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that originates from the inclusion of packages, standalone packages, and...
CVE-2023-41117
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against...
CVE-2023-41117
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against...
CVE-2023-31043
EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...
Code injection
EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...
CVE-2023-31043
EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 stores unredacted passwords in logs when optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, despite redaction being configured via edb_filter_log.redact_password_commands. Affected versions and fixed targets are: 10.x bef...
EnterpriseDB EDB Postgres Advanced Server 安全漏洞
EnterpriseDB EDB Postgres Advanced Server is the core database product for EDB from EnterpriseDB, Inc. A security vulnerability exists in EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 14.6.0, which stems from an unedited password being logged when the optional parameter is used...
CVE-2023-31043
EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...
CVE-2019-10128
A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a...
CVE-2019-10128
CVE-2019-10128 affects PostgreSQL 11.x before 11.3 (and earlier 10.x, 9.6.x, 9.5.x, 9.4.x) installed via EnterpriseDB/BigSQL Windows installers. Root cause: the Windows installer does not lock down ACLs on the binary installation directory or data directory, inheriting permissions. In the default...
CVE-2019-10128
Removed by vendor...
Unspecified Vulnerability in PostgreSQL
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. A security vulnerability exists in the EnterpriseDB Windows install...
KLA11539 Multiple vulnerabilities in PostgreSQL
Multiple vulnerabilities were found in PostgreSQL. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A vulnerability in PostgreSQL can be exploited to execute...
Vulnerability in packaging (CVE-2019-10210)
Windows installer writes superuser password to unprotected temporary file The EnterpriseDB Windows installer writes a password to a temporary file in its installation directory, creates initial databases, and deletes the file. During those seconds while the file exists, a local attacker can read...
PostgreSQL 9.4.x < 9.4.22, 9.5.x < 9.5.17, 9.6.x < 9.6.13, 10.x < 10.8, 11.x < 11.3 Code Execution Vulnerability - Windows
PostgreSQL is prone to an arbitrary code execution vulnerability due to BigSQL and EnterpriseDB Windows installer not clearing permissive ACL entries. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respecti...