Lucene search
+L

52 matches found

OSV
OSV
added 2025/12/11 7:3 p.m.3 views

SUSE-SU-2025:4370-1 Security update for postgresql14

This update for postgresql14 fixes the following issues: Upgraded to 14.20: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: - Use...

5.9CVSS7.1AI score0.00332EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/12/10 9:59 a.m.7 views

postgresql: CREATE STATISTICS does not check for schema CREATE privilege

A vulnerability has been identified in PostgreSQL’s CREATE STATISTICS command where the database does not check that the user has the required schema CREATE privilege. A table owner user could create a statistics object in any schema, blocking other users who legitimately hold CREATE STATISTICS...

3.1CVSS5.7AI score0.00222EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/12/10 9:44 a.m.4 views

postgresql: CREATE STATISTICS does not check for schema CREATE privilege

A vulnerability has been identified in PostgreSQL’s CREATE STATISTICS command where the database does not check that the user has the required schema CREATE privilege. A table owner user could create a statistics object in any schema, blocking other users who legitimately hold CREATE STATISTICS...

3.1CVSS5.7AI score0.00222EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/12/04 7:59 a.m.8 views

Moderate: Red Hat Security Advisory: postgresql:15 security update

An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

5.9CVSS6.3AI score0.00332EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/17 7:33 a.m.4 views

CVE-2025-12817

A vulnerability has been identified in PostgreSQL’s CREATE STATISTICS command where the database does not check that the user has the required schema CREATE privilege. A table owner user could create a statistics object in any schema, blocking other users who legitimately hold CREATE STATISTICS...

4.3CVSS6.8AI score0.00222EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2025/11/17 12:0 a.m.1 views

PostgreSQL Multiple Vulnerabilities (Nov 2025) - Windows

PostgreSQL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postgresql:postgresql";...

5.9CVSS7.5AI score0.00332EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/13 1:0 p.m.17 views

CVE-2025-12817 PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before...

3.1CVSS0.00222EPSS
Exploits0References1
PostrgeSql
PostrgeSql
added 2025/11/13 12:0 a.m.44 views

Vulnerability in core server (CVE-2025-12817)

PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, fro...

3.1CVSS5.8AI score0.00222EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2022-5308

Malicious code in bioql PyPI...

4CVSS8.9AI score0.01953EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2022/05/01 7:45 a.m.30 views

Apache Derby SQL Injection

Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode...

4CVSS7.8AI score0.01953EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/05/01 7:45 a.m.30 views

GHSA-V7CQ-PQ7V-MH5V Apache Derby SQL Injection

Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode...

4CVSS9.2AI score0.01953EPSS
Exploits0References7
CVE
CVE
added 2007/07/05 8:0 p.m.63 views

CVE-2006-7217

CVE-2006-7217 affects Apache Derby prior to 10.2.1.6. The vulnerability arises because the DropSchemaNode bind phase does not correctly enforce schema privilege requirements, allowing remote authenticated users to execute arbitrary DROP SCHEMA statements when SQL authorization mode is in effect. ...

4CVSS7.3AI score0.01953EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder