Download
| Alert*
|
oval:org.secpod.oval:def:1800030
CVE-2017-7484: selectivity estimators bypass SELECT privilege checks; Fixed In Version: postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3 oval:org.secpod.oval:def:33769 The host is installed with PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11 or 8.4 before 8.4.4 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle a crafted script, related ... oval:org.secpod.oval:def:33768 The host is installed with PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11 or 8.4 before 8.4.4 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle pltcl_modules table. Succ ... oval:org.secpod.oval:def:33766 The host is installed with PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11 or 8.4 before 8.4.4 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle (1) ALTER USER or (2) ALT ... oval:org.secpod.oval:def:33767 The host is installed with PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11 or 8.4 before 8.4.4 and is prone to an intended restriction bypass vulnerability. A flaw is present in the application, which fails to properly handle vectors involving ... oval:org.secpod.oval:def:201713 PostgreSQL is an advanced object-relational database management system . PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages. The PostgreSQL SECURITY DEFINER parameter, which can be used when creating a new PostgreSQL function, specifies that the function will ... oval:org.secpod.oval:def:201875 PostgreSQL is an advanced object-relational database management system . PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages. The PostgreSQL SECURITY DEFINER parameter, which can be used when creating a new PostgreSQL function, specifies that the function will ... oval:org.mitre.oval:def:7291 The host is installed with PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, or 9.0 before 9.0.1 and is prone to privilege escalation vulnerability. A flaw is present in the application, which fails to properly protect script ... oval:org.secpod.oval:def:701687 postgresql-8.4 is installed oval:org.secpod.oval:def:702408 postgresql-9.4: Object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:702407 binutils: GNU assembler, linker and binary utilities Applications from GNU binutils could be made to crash, run programs, or delete arbitrary files as your login if they opened a specially crafted file. oval:org.secpod.oval:def:204660 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_sta ... oval:org.secpod.oval:def:1501972 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502111 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_sta ... oval:org.secpod.oval:def:1800481 CVE-2017-7484: selectivity estimators bypass SELECT privilege checks Fixed In Version postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3 oval:org.secpod.oval:def:201891 PostgreSQL is an advanced object-relational database management system . PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricte ... oval:org.secpod.oval:def:500407 PostgreSQL is an advanced object-relational database management system . PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricte ... oval:org.secpod.oval:def:201949 PostgreSQL is an advanced object-relational database management system . PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricte ... oval:org.secpod.oval:def:33765 The host is installed with PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14 or 8.2.x before 8.2.20 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle integers with a large number of digits to unspecified functio ... oval:org.secpod.oval:def:201520 PostgreSQL is an advanced object-relational database management system . A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially-cra ... oval:org.secpod.oval:def:500460 PostgreSQL is an advanced object-relational database management system . PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages. The PostgreSQL SECURITY DEFINER parameter, which can be used when creating a new PostgreSQL function, specifies that the function will ... oval:org.secpod.oval:def:500465 PostgreSQL is an advanced object-relational database management system . PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages. The PostgreSQL SECURITY DEFINER parameter, which can be used when creating a new PostgreSQL function, specifies that the function will ... oval:org.secpod.oval:def:200587 PostgreSQL is an advanced object-relational database management system . A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially-cra ... oval:org.secpod.oval:def:500239 PostgreSQL is an advanced object-relational database management system . A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially-cra ... oval:org.secpod.oval:def:701584 postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:601219 Various vulnerabilities were discovered in PostgreSQL: * Shore up GRANT ... WITH ADMIN OPTION restrictions Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. ... oval:org.secpod.oval:def:601002 A vulnerability was discovered in PostgreSQL database server. Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess. oval:org.secpod.oval:def:600873 Two vulnerabilities related to XML processing were discovered in PostgreSQL, an SQL database. CVE-2012-3488 contrib/xml2"s xslt_process can be used to read and write external files and URLs. CVE-2012-3489 xml_parse fetches external files or URLs to resolve DTD and entity references in XML values. Th ... oval:org.secpod.oval:def:500799 PostgreSQL is an advanced object-relational database management system . The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command mi ... oval:org.secpod.oval:def:701240 postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database - postgresql-8.3: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:600741 Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-0866 It was discovered that the permissions of a function called by a trigger are not checked. This could ... oval:org.secpod.oval:def:1500291 Updated postgresql and postgresql84 packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severit ... oval:org.secpod.oval:def:202341 PostgreSQL is an advanced object-relational database management system . The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command mi ... oval:org.secpod.oval:def:1503883 Updated postgresql84 and postgresql packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give d ... oval:org.secpod.oval:def:500800 PostgreSQL is an advanced object-relational database management system . The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command mi ... oval:org.secpod.oval:def:701168 postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database - postgresql-8.3: Object-relational SQL database PostgreSQL could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:600972 Sumit Soni discovered that PostgreSQL,an object-relational SQL database, could be forced to crash when an internal function was called with invalid arguments, resulting in denial of service. oval:org.secpod.oval:def:33772 The host is installed with PostgreSQL 8.3 before 8.3.19, 8.4 before 8.4.12, 9.0 before 9.0.8 or 9.1 before 9.1.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle (1) SECURITY DEFINER or (2) SET attributes to a procedural language ... oval:org.secpod.oval:def:33771 The host is installed with PostgreSQL 8.3 before 8.3.18, 8.4 before 8.4.11, 9.0 before 9.0.7 or 9.1 before 9.1.3 and is prone to a spoofing vulnerability. A flaw is present in the application, which fails to properly handle truncation of the common name. Successful exploitation allows remote attacke ... oval:org.secpod.oval:def:33774 The host is installed with PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9 or 9.1 before 9.1.5 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle an XML value that refers to (1) a DTD or (2) an entity, relat ... oval:org.secpod.oval:def:33773 The host is installed with PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9 or 9.1 before 9.1.5 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle (1) stylesheet commands that are permitted by the libxslt sec ... oval:org.secpod.oval:def:33770 The host is installed with PostgreSQL 8.3 before 8.3.18, 8.4 before 8.4.11, 9.0 before 9.0.7 or 9.1 before 9.1.3 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly check the execute permission for trigger functions marked SECURITY DEFI ... oval:org.secpod.oval:def:10727 The host is installed with PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13 or 8.4.x before 8.4.17 and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to the contrib/pgcrypto functions. Successful exploitation a ... oval:org.secpod.oval:def:202453 PostgreSQL is an advanced object-relational database management system . It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations ... oval:org.secpod.oval:def:500893 PostgreSQL is an advanced object-relational database management system . It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations ... oval:org.secpod.oval:def:202450 PostgreSQL is an advanced object-relational database management system . It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations ... oval:org.secpod.oval:def:500894 PostgreSQL is an advanced object-relational database management system . It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations ... oval:org.secpod.oval:def:202337 PostgreSQL is an advanced object-relational database management system . The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command mi ... oval:org.secpod.oval:def:9328 The host is installed with PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16 or 8.3.x before 8.3.23 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly declare the enum_recv function in backend/utils ... oval:org.secpod.oval:def:33758 The host is installed with PostgreSQL 8.3 before 8.3.18, 8.4 before 8.4.11, 9.0 before 9.0.7 or 9.1 before 9.1.3 and is prone to a CRLF injection vulnerability. A flaw is present in the application, which fails to properly handle a crafted file containing object names with newlines, which are insert ... oval:org.secpod.oval:def:1503784 Updated postgresql84 and postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give det ... oval:org.secpod.oval:def:501118 PostgreSQL is an advanced object-relational database management system . An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially cra ... oval:org.secpod.oval:def:202960 PostgreSQL is an advanced object-relational database management system . An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially cra ... oval:org.secpod.oval:def:700975 postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database - postgresql-8.3: Object-relational SQL database PostgreSQL could allow unintended access to files over the network when using the XML2 extension. oval:org.secpod.oval:def:202063 PostgreSQL is an advanced object-relational database management system . It was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0038 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authe ... oval:org.secpod.oval:def:33764 The host is installed with PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8 or 8.2 before 8.2.14 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle "re-LOAD-ing" libraries from a certain plugins directory. Successful exploitation allo ... oval:org.secpod.oval:def:33763 The host is installed with PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22 or 7.4 before 7.4.26 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly use the appropriate privileges fo ... oval:org.secpod.oval:def:202043 PostgreSQL is an advanced object-relational database management system . It was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0038 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authe ... oval:org.secpod.oval:def:500625 PostgreSQL is an advanced object-relational database management system . It was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0038 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authe ... oval:org.secpod.oval:def:700881 postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database - postgresql-8.3: Object-relational SQL database PostgreSQL could be made to crash or incorrectly handle authentication. oval:org.secpod.oval:def:500836 PostgreSQL is an advanced object-relational database management system . A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contai ... oval:org.secpod.oval:def:500837 PostgreSQL is an advanced object-relational database management system . A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contai ... oval:org.secpod.oval:def:600827 Two vulnerabilities were discovered in PostgreSQL, an SQL database server: CVE-2012-2143 The crypt function in the pgcrypto contrib module did not handle certain passwords correctly, ignoring characters after the first character which does not fall into the ASCII range. CVE-2012-2655 SECURITY DEFINE ... oval:org.secpod.oval:def:1503882 Updated postgresql84 and postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give det ... oval:org.secpod.oval:def:202377 PostgreSQL is an advanced object-relational database management system . A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contai ... oval:org.secpod.oval:def:202362 PostgreSQL is an advanced object-relational database management system . A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contai ... |
