Download
| Alert*
oval:org.secpod.oval:def:1800030
CVE-2017-7484: selectivity estimators bypass SELECT privilege checks; Fixed In Version: postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3 oval:org.secpod.oval:def:1800769 CVE-2017-12172: Start scripts permit database administrator to modify root-owned files CVE-2017-15098: Memory disclosure in JSON functions CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges Fixed In postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql ... oval:org.secpod.oval:def:1800777 CVE-2017-12172: Start scripts permit database administrator to modify root-owned files CVE-2017-15098: Memory disclosure in JSON functions CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges Fixed In: postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql ... oval:org.secpod.oval:def:1800286 CVE-2017-12172: Start scripts permit database administrator to modify root-owned files CVE-2017-15098: Memory disclosure in JSON functions CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges Fixed In: postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql ... oval:org.secpod.oval:def:33747 The host is installed with PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7 or 9.4.x before 9.4.2 and is prone to a double free vulnerability. A flaw is present in the application, which fails to properly handle session shutdown sequence. Successful exploitation ... oval:org.secpod.oval:def:33754 The host is installed with PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle vectors related to the (1) hstore_recv, (2) hstore_from_ ... oval:org.secpod.oval:def:33753 The host is installed with PostgreSQL 9.3.3 or earlier versions and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests. Successful exp ... oval:org.secpod.oval:def:33741 The host is installed with PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, or 9.5.x before 9.5.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a large Unicode character range in a regular express ... oval:org.secpod.oval:def:1800264 CVE-2016-5423: CASE/WHEN with in lining can cause untrusted pointer dereference. Fixed In Version: postgresql 9.5.4, postgresql 9.4.9, postgresql 9.3.14, postgresql 9.2.18, postgresql 9.1.23 CVE-2016-5424: database and role names with embedded special characters can allow code injection during admi ... oval:org.secpod.oval:def:38564 The host is installed with PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, or 9.5.x before 9.5.4 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle a (1) " (double quote), (2) \ (backslash), (3) ca ... oval:org.secpod.oval:def:38565 The host is installed with PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, or 9.5.x before 9.5.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a CASE expression or inlining of an SQL function. Su ... oval:org.secpod.oval:def:702572 postgresql-9.4: Object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:204153 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a newer upstream version: postgresql . Security Fix: * A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authentic ... oval:org.secpod.oval:def:204556 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq"s refusal ... oval:org.secpod.oval:def:204660 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_sta ... oval:org.secpod.oval:def:203658 PostgreSQL is an advanced object-relational database management system . A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ... oval:org.secpod.oval:def:33740 The host is installed with PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, or 9.5.x before 9.5.1 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly restrict access to unspecified custom configura ... oval:org.secpod.oval:def:502111 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_sta ... oval:org.secpod.oval:def:1800481 CVE-2017-7484: selectivity estimators bypass SELECT privilege checks Fixed In Version postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3 oval:org.secpod.oval:def:1501972 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:44448 The host is installed with PostgreSQL 10.x before 10.1, 9.2.x before 9.2.24, 9.3.x before 9.3.20, 9.4.x before 9.4.15, 9.5.x before 9.5.10 or 9.6.x before 9.6.6 and is prone to a remote privilege escalation vulnerability. The flaws present in the application fails to handle the initialization script ... oval:org.secpod.oval:def:204722 PostgreSQL is an advanced object-relational database management system . Security Fix: * Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Note: T ... oval:org.secpod.oval:def:1502087 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:33755 The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to NULL pointer dereference vulnerability. A flaw is present in the application, which fails to properly check the return value of the crypt library fu ... oval:org.secpod.oval:def:1800296 CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: lo_put function ignores ACLs Fixed In Version: postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, postg ... oval:org.secpod.oval:def:1800213 CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: lo_put function ignores ACLs Fixed In Version: postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, postg ... oval:org.secpod.oval:def:1800735 CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: lo_put function ignores ACLs Fixed In Version postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, postgr ... oval:org.secpod.oval:def:1800044 CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: lo_put function ignores ACLs Fixed In Version:¶ postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, ... oval:org.secpod.oval:def:52489 postgresql-9.4: Object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:602111 Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2015-3165 SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 The replacement implementation of snprintf failed to check for errors reported by th ... oval:org.secpod.oval:def:602109 Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. CVE-2015-3165 SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 The replacement implementation of snprintf failed to check for errors reported by th ... oval:org.secpod.oval:def:1501055 PostgreSQL is an advanced object-relational database management system . A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ... oval:org.secpod.oval:def:1501054 PostgreSQL is an advanced object-relational database management system . A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ... oval:org.secpod.oval:def:602124 The update for postgresql-9.1 in DSA-3269-1 introduced a regression which can causes PostgreSQL to refuse to restart after an unexpected shutdown or when restoring from a binary backup. Updated packages are now available to address this regression. Please refer to the upstream Bug FAQ for additional ... oval:org.secpod.oval:def:501586 PostgreSQL is an advanced object-relational database management system . A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ... oval:org.secpod.oval:def:203657 PostgreSQL is an advanced object-relational database management system . A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ... oval:org.secpod.oval:def:204570 PostgreSQL is an advanced object-relational database management system . Security Fix: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq"s refusal to send an empty password. A remote attacker could potentially use this flaw to gain ... oval:org.secpod.oval:def:602370 Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. CVE-2015-5288 Josh Kupershmidt discovered a vulnerability in the crypt function in the pgCrypto extension. Certain invalid salt arguments can cause the server to crash or to disclose a few bytes of server memory. CVE-2 ... oval:org.secpod.oval:def:52160 postgresql-9.4: Object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database PostgreSQL could be made to crash or expose private information if it handled specially crafted data. oval:org.secpod.oval:def:52694 postgresql-9.4: Object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database PostgreSQL could be made to crash or run programs if it handled specially crafted data. oval:org.secpod.oval:def:701584 postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:33756 The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to multiple buffer overflow vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitati ... oval:org.secpod.oval:def:33750 The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allow remote ... oval:org.secpod.oval:def:33752 The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation all ... oval:org.secpod.oval:def:33751 The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to multiple stack based buffer overflow vulnerabilities. The flaws are present in the application, which fails to handle vectors related to an incorrec ... oval:org.secpod.oval:def:203041 PostgreSQL is an advanced object-relational database management system . Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL ... oval:org.secpod.oval:def:203046 PostgreSQL is an advanced object-relational database management system . Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL ... oval:org.secpod.oval:def:33749 The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle a function that is (1) defined in another language ... oval:org.secpod.oval:def:33748 The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to an unspecified vulnerability. A flaw is present in the application, which does not properly enforce the ADMIN OPTION restriction. Successful exploit ... oval:org.secpod.oval:def:601218 Various vulnerabilities were discovered in PostgreSQL: * Shore up GRANT ... WITH ADMIN OPTION restrictions Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. ... oval:org.secpod.oval:def:601219 Various vulnerabilities were discovered in PostgreSQL: * Shore up GRANT ... WITH ADMIN OPTION restrictions Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. ... oval:org.secpod.oval:def:1500395 Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are av ... oval:org.secpod.oval:def:51620 postgresql-9.5: object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:44446 The host is installed with PostgreSQL 9.2.x before 9.2.22, 9.3.x before 9.3.18, 9.4.x before 9.4.13, 9.5.x before 9.5.8 or 9.6.x before 9.6.4 and is prone to an information disclosure vulnerability. The flaws present in the application fails to handle an authorization issue. Successful exploitation ... oval:org.secpod.oval:def:44447 The host is installed with PostgreSQL 9.2.x before 9.2.22, 9.3.x before 9.3.18, 9.4.x before 9.4.13, 9.5.x before 9.5.8 or 9.6.x before 9.6.4 and is prone to an authentication bypass vulnerability. The flaws present in the application fails to handle an authentication issue. Successful exploitation ... oval:org.secpod.oval:def:113056 PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ... oval:org.secpod.oval:def:603041 Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7546 In some authentication methods empty passwords were accepted. CVE-2017-7547 User mappings could leak data to unprivileged users. CVE-2017-7548 The lo_put function ignored ACLs. For more in-depth descriptions of ... oval:org.secpod.oval:def:53112 Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7546 In some authentication methods empty passwords were accepted. CVE-2017-7547 User mappings could leak data to unprivileged users. CVE-2017-7548 The lo_put function ignored ACLs. For more in-depth descriptions of ... oval:org.secpod.oval:def:502136 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq"s refusal ... oval:org.secpod.oval:def:1502025 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502031 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502149 PostgreSQL is an advanced object-relational database management system . Security Fix: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq"s refusal to send an empty password. A remote attacker could potentially use this flaw to gain ... oval:org.secpod.oval:def:113099 PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ... oval:org.secpod.oval:def:51871 postgresql-9.6: object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:601002 A vulnerability was discovered in PostgreSQL database server. Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess. oval:org.secpod.oval:def:701240 postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database - postgresql-8.3: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:1500291 Updated postgresql and postgresql84 packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severit ... oval:org.secpod.oval:def:10727 The host is installed with PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13 or 8.4.x before 8.4.17 and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to the contrib/pgcrypto functions. Successful exploitation a ... oval:org.secpod.oval:def:10728 The host is installed with PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9 or 9.0.x before 9.0.13 and is prone to argument injection vulnerability. A flaw is present in the application, which fails to handle a connection request using a database name that begins with a "-" (hyphen). Successful exp ... oval:org.secpod.oval:def:10726 The host is installed with PostgreSQL 9.2.x before 9.2.4 or 9.1.x before 9.1.9 and is prone to security-bypass vulnerability. A flaw is present in the application, which fails to properly check REPLICATION privileges. Successful exploitation allows attackers to bypass certain security restrictions a ... oval:org.secpod.oval:def:501118 PostgreSQL is an advanced object-relational database management system . An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially cra ... oval:org.secpod.oval:def:202960 PostgreSQL is an advanced object-relational database management system . An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially cra ... |