K000160290: PostgreSQL vulnerability CVE-2025-12817

Security Advisory Description Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, woul...

postgresql: CREATE STATISTICS does not check for schema CREATE privilege

A vulnerability has been identified in PostgreSQL’s CREATE STATISTICS command where the database does not check that the user has the required schema CREATE privilege. A table owner user could create a statistics object in any schema, blocking other users who legitimately hold CREATE STATISTICS...

postgresql: CREATE STATISTICS does not check for schema CREATE privilege

A vulnerability has been identified in PostgreSQL’s CREATE STATISTICS command where the database does not check that the user has the required schema CREATE privilege. A table owner user could create a statistics object in any schema, blocking other users who legitimately hold CREATE STATISTICS...

RHEL 8 : postgresql:15 (RHSA-2026:0266)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0266 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: CREATE STATISTICS does not check fo...

Moderate: Red Hat Security Advisory: postgresql security update

An update for postgresql is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

postgresql: CREATE STATISTICS does not check for schema CREATE privilege

A vulnerability has been identified in PostgreSQL’s CREATE STATISTICS command where the database does not check that the user has the required schema CREATE privilege. A table owner user could create a statistics object in any schema, blocking other users who legitimately hold CREATE STATISTICS...

Moderate: Red Hat Security Advisory: postgresql security update

An update for postgresql is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

postgresql: CREATE STATISTICS does not check for schema CREATE privilege

A vulnerability has been identified in PostgreSQL’s CREATE STATISTICS command where the database does not check that the user has the required schema CREATE privilege. A table owner user could create a statistics object in any schema, blocking other users who legitimately hold CREATE STATISTICS...

TencentOS Server 4: postgresql (TSSA-2025:0892)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0892 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the CREATE STATISTICS command. A table owner can exploit this vulnerability by creating a statistics object in an arbitrary schema, blocking other users with valid CREATE privileges from creating a statistics...