Download
| Alert*
|
oval:org.secpod.oval:def:1200103
postgresql92 is installed oval:org.secpod.oval:def:1600811 Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL can ... oval:org.secpod.oval:def:1600927 A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ... oval:org.secpod.oval:def:1600709 Selectivity estimators bypass SELECT privilege checksIt was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables ... oval:org.secpod.oval:def:505826 Red Hat Satellite provides a solution to organizations requiring absolute control over and privacy of the maintenance and package deployment of their servers. It allows organizations to utilize the benefits of Red Hat Network without having to provide public Internet access to their servers or othe ... oval:org.secpod.oval:def:1200102 Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service by closing an SSL session at a time when the authentication timeout will expire during the session shutdow ... oval:org.secpod.oval:def:1200180 Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service via unspecified vectors, which are not properly handled in json or jsonb values. The crypt function in contrib/pgcrypto in PostgreSQL ... oval:org.secpod.oval:def:1600400 An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code. oval:org.secpod.oval:def:1200113 A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting. An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user run ... oval:org.secpod.oval:def:1600448 A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. A flaw wa ... oval:org.secpod.oval:def:1600765 pg_user_mappings view discloses passwords to users lacking server privileges:An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could potentially use this flaw to retrieve passwords from the user mappi ... |
