Download
| Alert*
|
oval:org.secpod.oval:def:1600708
postgresql95 is installed oval:org.secpod.oval:def:1600812 Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL disclose table contents that the inv ... oval:org.secpod.oval:def:1600869 Uncontrolled search path element in pg_dump and other client applicationsA flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database oval:org.secpod.oval:def:1600707 Selectivity estimators bypass SELECT privilege checksIt was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables ... oval:org.secpod.oval:def:1600929 A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ... oval:org.secpod.oval:def:1600948 A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ... oval:org.secpod.oval:def:1600767 pg_user_mappings view discloses passwords to users lacking server privileges:An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could potentially use this flaw to retrieve passwords from the user mappi ... |
