Description
An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.
Remediation
References
Related Vulnerabilities
WordPress Plugin NextGEN Gallery-WordPress Gallery Multiple HTML Injection Vulnerabilities (1.9.0)
WordPress Plugin BuddyPress Cover Arbitrary File Upload (2.1.4.2)
MySQL CVE-2013-1506 Vulnerability (CVE-2013-1506)
Moodle Credentials Management Errors Vulnerability (CVE-2012-0794)
Apache Tomcat 7PK - Security Features Vulnerability (CVE-2014-9635)