
cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Enterprisedb (788c5be5-c3bc-5186-8634-02d14556d9dc)
Product: Postgres Advanced Server (207a95cb-f762-5565-b1ae-5a6e2af4456f)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2023-41120 vulnerable 2026-06-08 06:11:05.361980 Details available
MEDIUM (6.5)
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMS_PROFILER to remove all accumulated profiling data on a system-wide basis, regardless of that user's permissions.
Published: 2023-12-12T00:00:00.000Z
Updated: 2024-08-02T18:54:04.516Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-41119 vulnerable 2026-06-08 06:11:05.361679 Details available
HIGH (8.8)
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function _dbms_aq_move_to_exception_queue that may be used to elevate a user's privileges to superuser. This function accepts the OID of a table, and then accesses that table as the superuser by using SELECT and DML commands.
Published: 2023-12-12T00:00:00.000Z
Updated: 2024-08-02T18:54:03.525Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-41118 vulnerable 2026-06-08 06:11:05.361259 Details available
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. When a superuser has configured file locations using CREATE DIRECTORY, these functions allow users to take a wide range of actions, including read, write, copy, rename, and delete.
Published: 2023-12-12T00:00:00.000Z
Updated: 2024-11-26T17:07:36.002Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-41117 vulnerable 2026-06-08 06:11:05.360725 Details available
HIGH (8.8)
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks.
Published: 2023-12-12T00:00:00.000Z
Updated: 2025-05-27T14:38:38.603Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-41116 vulnerable 2026-06-08 06:11:05.360326 Details available
MEDIUM (4.3)
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user's permissions.
Published: 2023-12-12T00:00:00.000Z
Updated: 2024-08-02T18:54:02.990Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-41115 vulnerable 2026-06-08 06:11:05.359837 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-41114 vulnerable 2026-06-08 06:11:05.359309 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-41113 vulnerable 2026-06-08 06:11:05.358689 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-31043 vulnerable 2026-06-08 06:04:41.717848 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
