16 matches found
postgresql: CREATE STATISTICS does not check for schema CREATE privilege
A vulnerability has been identified in PostgreSQL’s CREATE STATISTICS command where the database does not check that the user has the required schema CREATE privilege. A table owner user could create a statistics object in any schema, blocking other users who legitimately hold CREATE STATISTICS...
postgresql: CREATE STATISTICS does not check for schema CREATE privilege
A vulnerability has been identified in PostgreSQL’s CREATE STATISTICS command where the database does not check that the user has the required schema CREATE privilege. A table owner user could create a statistics object in any schema, blocking other users who legitimately hold CREATE STATISTICS...
postgresql: CREATE STATISTICS does not check for schema CREATE privilege
A vulnerability has been identified in PostgreSQL’s CREATE STATISTICS command where the database does not check that the user has the required schema CREATE privilege. A table owner user could create a statistics object in any schema, blocking other users who legitimately hold CREATE STATISTICS...
postgresql: CREATE STATISTICS does not check for schema CREATE privilege
A vulnerability has been identified in PostgreSQL’s CREATE STATISTICS command where the database does not check that the user has the required schema CREATE privilege. A table owner user could create a statistics object in any schema, blocking other users who legitimately hold CREATE STATISTICS...
postgresql: CREATE STATISTICS does not check for schema CREATE privilege
A vulnerability has been identified in PostgreSQL’s CREATE STATISTICS command where the database does not check that the user has the required schema CREATE privilege. A table owner user could create a statistics object in any schema, blocking other users who legitimately hold CREATE STATISTICS...
CVE-2025-12817
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before...
ALPINE-CVE-2025-12817
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before...
UBUNTU-CVE-2025-12817
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before...
CVE-2025-12817
CVE-2025-12817 is addressed in multiple PostgreSQL security advisories. The issue is missing authorization in CREATE STATISTICS, allowing a table owner to cause denial of service for other CREATE STATISTICS users by creating in any schema; a subsequent CREATE STATISTICS using the same name can fa...
SUSE-SU-2024:2262-2 Security update for postgresql14
This update for postgresql14 fixes the following issues: - Upgrade to 14.12 bsc1224051: - CVE-2024-4317: Restrict visibility of pgstatsext and pgstatsextexprs entries to the table owner. See release notes for the steps that have to be taken to fix existing PostgreSQL instances. bsc1224038...
MGASA-2024-0184 Updated postgresql15 & postgresql13 packages fix security vulnerability
Restrict visibility of pgstatsext and pgstatsextexprs entries to the table owner. CVE-2024-4317...
PostgreSQL Anonymizer Security Vulnerability
PostgreSQL Anonymizer is an extension for masking or replacing personally identifiable information PII or commercially sensitive data in PostgreSQL databases. A security vulnerability exists in PostgreSQL Anonymizer version v1.2 that originates from allowing a user who owns a table to be promoted...
PT-2024-2088 · Unknown · Postgresql Anonymizer
Name of the Vulnerable Software and Affected Versions: PostgreSQL Anonymizer version 1.2 Description: The issue allows a user who owns a table to elevate to superuser by defining a masking function for a column and placing malicious code in that function. When a privileged user applies the maskin...
PostgreSQL Anonymizer Security Vulnerability
PostgreSQL Anonymizer is an extension for masking or replacing personally identifiable information PII or commercially sensitive data in PostgreSQL databases. A security vulnerability exists in PostgreSQL Anonymizer version v1.2 that originates from allowing a user who owns a table to be promoted...
PT-2024-2087 · Unknown · Postgresql Anonymizer
Name of the Vulnerable Software and Affected Versions: PostgreSQL Anonymizer version 1.2 Description: The issue is related to a SQL injection vulnerability in PostgreSQL Anonymizer. This vulnerability allows a user who owns a table to elevate their privileges to superuser when dynamic masking is...
CVE-2007-6600
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for 1 VACUUM and 2 ANALYZE operations within index functions, and supports 3 SET ROLE and 4 SET SESSION AUTHORIZATION within inde...