Postgres Advanced Server
cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Enterprisedb (788c5be5-c3bc-5186-8634-02d14556d9dc) |
|---|---|
| Product | Postgres Advanced Server (207a95cb-f762-5565-b1ae-5a6e2af4456f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2023-41120 | vulnerable | 2026-06-08 06:11:05.361980 | Details available. MEDIUM (6.5). An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMS_PROFILER to remove all accumulated profiling data on a system-wide basis, regardless of that user's permissions. Published: 2023-12-12T00:00:00.000Z. Updated: 2024-08-02T18:54:04.516Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-41119 | vulnerable | 2026-06-08 06:11:05.361679 | Details available. HIGH (8.8). An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function _dbms_aq_move_to_exception_queue that may be used to elevate a user's privileges to superuser. This function accepts the OID of a table, and then accesses that table as the superuser by using SELECT and DML commands. Published: 2023-12-12T00:00:00.000Z. Updated: 2024-08-02T18:54:03.525Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-41118 | vulnerable | 2026-06-08 06:11:05.361259 | Details available. An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. When a superuser has configured file locations using CREATE DIRECTORY, these functions allow users to take a wide range of actions, including read, write, copy, rename, and delete. Published: 2023-12-12T00:00:00.000Z. Updated: 2024-11-26T17:07:36.002Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-41117 | vulnerable | 2026-06-08 06:11:05.360725 | Details available. HIGH (8.8). An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks. Published: 2023-12-12T00:00:00.000Z. Updated: 2025-05-27T14:38:38.603Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-41116 | vulnerable | 2026-06-08 06:11:05.360326 | Details available. MEDIUM (4.3). An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user's permissions. Published: 2023-12-12T00:00:00.000Z. Updated: 2024-08-02T18:54:02.990Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-41115 | vulnerable | 2026-06-08 06:11:05.359837 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-41114 | vulnerable | 2026-06-08 06:11:05.359309 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-41113 | vulnerable | 2026-06-08 06:11:05.358689 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-31043 | vulnerable | 2026-06-08 06:04:41.717848 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |