52 matches found
SUSE-SU-2025:4370-1 Security update for postgresql14
This update for postgresql14 fixes the following issues: Upgraded to 14.20: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: - Use...
postgresql: CREATE STATISTICS does not check for schema CREATE privilege
A vulnerability has been identified in PostgreSQL’s CREATE STATISTICS command where the database does not check that the user has the required schema CREATE privilege. A table owner user could create a statistics object in any schema, blocking other users who legitimately hold CREATE STATISTICS...
postgresql: CREATE STATISTICS does not check for schema CREATE privilege
A vulnerability has been identified in PostgreSQL’s CREATE STATISTICS command where the database does not check that the user has the required schema CREATE privilege. A table owner user could create a statistics object in any schema, blocking other users who legitimately hold CREATE STATISTICS...
Moderate: Red Hat Security Advisory: postgresql:15 security update
An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
CVE-2025-12817
A vulnerability has been identified in PostgreSQL’s CREATE STATISTICS command where the database does not check that the user has the required schema CREATE privilege. A table owner user could create a statistics object in any schema, blocking other users who legitimately hold CREATE STATISTICS...
PostgreSQL Multiple Vulnerabilities (Nov 2025) - Windows
PostgreSQL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postgresql:postgresql";...
CVE-2025-12817 PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before...
Vulnerability in core server (CVE-2025-12817)
PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, fro...
EUVD-2022-5308
Malicious code in bioql PyPI...
Apache Derby SQL Injection
Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode...
GHSA-V7CQ-PQ7V-MH5V Apache Derby SQL Injection
Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode...
CVE-2006-7217
CVE-2006-7217 affects Apache Derby prior to 10.2.1.6. The vulnerability arises because the DropSchemaNode bind phase does not correctly enforce schema privilege requirements, allowing remote authenticated users to execute arbitrary DROP SCHEMA statements when SQL authorization mode is in effect. ...