10 matches found
CVE-2007-4639
EnterpriseDB Advanced Server 8.2 has a security weakness in handling certain debugging function calls that occur before a call to pldbg_create_listener. This can allow remote authenticated users to cause a denial of service (daemon crash) and potentially execute arbitrary...
CVE-2023-31043
EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 stores unredacted passwords in logs when optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, despite redaction being configured via edb_filter_log.redact_password_commands. Affected versions and fixed targets are: 10.x bef...
CVE-2023-41117
CVE-2023-41117 affects EnterpriseDB Postgres Advanced Server (EPAS). The issue involves packages, standalone packages, and SECURITY DEFINER functions that are inadequately secured against search_path attacks in EPAS releases up to: 11.21.32, 12.x up to 12.16.20, 13.x up to 13.12.16, 14.x up to 14...
CVE-2023-41115
CVE-2023-41115 affects EnterpriseDB Postgres Advanced Server (EPAS). The issue arises in the UTL_ENCODE function: authenticated users can read large objects regardless of permissions due to improper permission validation. Affected EPAS/EDB versions include 11.x up to 15.x before the stated fixes ...
CVE-2023-41116
CVE-2023-41116 affects EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. An authenticated user can refresh any materialized view, bypassing permissions due to improper permission validation when us...
CVE-2023-41120
CVE-2023-41120 affects EnterpriseDB Postgres Advanced Server (EPAS) and EDB Postgres Advanced Server variants. A flaw in DBMS_PROFILER allows an authenticated user to remove all accumulated profiling data on a system-wide basis, bypassing permissions. Affected versions include EPAS before 11.21.3...
CVE-2023-41118
CVE-2023-41118 affects EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.x prior to 12.16.20, 13.x prior to 13.12.16, 14.x prior to 14.9.0, and 15.x prior to 15.4.0. An authenticated user can bypass authorization when a superuser has configured file locations with CREATE DIRECTOR...
CVE-2023-41113
CVE-2023-41113 (EPAS) is confirmed in multiple security bulletins as an information-disclosure vulnerability in EnterpriseDB Postgres Advanced Server. A remote authenticated attacker could enumerate the existence of files on disk and glean limited content information when a superuser configures f...
CVE-2023-41114
CVE-2023-41114 affects EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.x prior to 12.16.20, 13.x prior to 13.12.16, 14.x prior to 14.9.0, and 15.x prior to 15.4.0. The vulnerability stems from publicly executable functions get_url_as_text and get_url_as_bytea, enabling an authe...
CVE-2023-41119
CVE-2023-41119 affects EnterpriseDB Postgres Advanced Server (EPAS). The function _dbms_aq_move_to_exception_queue can be used to elevate a user’s privileges to superuser by operating on a table’s OID with superuser rights. Affected EPAS versions are: 11.x before 11.21.32; ...