oval:org.secpod.oval:def:1800030
CVE-2017-7484: selectivity estimators bypass SELECT privilege checks; Fixed In Version: postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3

oval:org.secpod.oval:def:201713
PostgreSQL is an advanced object-relational database management system. PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages. The PostgreSQL SECURITY DEFINER parameter, which can be used when creating a new PostgreSQL function, specifies that the function will ...

oval:org.secpod.oval:def:201875
PostgreSQL is an advanced object-relational database management system. PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages. The PostgreSQL SECURITY DEFINER parameter, which can be used when creating a new PostgreSQL function, specifies that the function will ...

oval:org.secpod.oval:def:33753
The host is installed with PostgreSQL 9.3.3 or earlier versions and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests. Successful exp ...

oval:org.mitre.oval:def:7291
The host is installed with PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, or 9.0 before 9.0.1 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly protect script ...

oval:org.secpod.oval:def:204660
PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: postgresql. Security Fix: * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_sta ...

oval:org.secpod.oval:def:1501972
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502111
PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: postgresql. Security Fix: * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_sta ...

oval:org.secpod.oval:def:1800481
CVE-2017-7484: selectivity estimators bypass SELECT privilege checks; Fixed In Version: postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3

oval:org.secpod.oval:def:33755
The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to a NULL pointer dereference vulnerability. A flaw is present in the application, which fails to properly check the return value of the crypt library fu ...

oval:org.secpod.oval:def:33765
The host is installed with PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14 or 8.2.x before 8.2.20 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle integers with a large number of digits to unspecified functio ...

oval:org.secpod.oval:def:201520
PostgreSQL is an advanced object-relational database management system. A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially-cra ...

oval:org.secpod.oval:def:500460
PostgreSQL is an advanced object-relational database management system. PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages. The PostgreSQL SECURITY DEFINER parameter, which can be used when creating a new PostgreSQL function, specifies that the function will ...

oval:org.secpod.oval:def:500465
PostgreSQL is an advanced object-relational database management system. PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages. The PostgreSQL SECURITY DEFINER parameter, which can be used when creating a new PostgreSQL function, specifies that the function will ...

oval:org.secpod.oval:def:200587
PostgreSQL is an advanced object-relational database management system. A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially-cra ...

oval:org.secpod.oval:def:500239
PostgreSQL is an advanced object-relational database management system. A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially-cra ...

oval:org.secpod.oval:def:33750
The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote ...

oval:org.secpod.oval:def:33752
The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation all ...

oval:org.secpod.oval:def:33751
The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to multiple stack based buffer overflow vulnerabilities. The flaws are present in the application, which fails to handle vectors related to an incorrec ...

oval:org.secpod.oval:def:203041
PostgreSQL is an advanced object-relational database management system. Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL ...

oval:org.secpod.oval:def:203046
PostgreSQL is an advanced object-relational database management system. Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL ...

oval:org.secpod.oval:def:33749
The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle a function that is (1) defined in another language ...

oval:org.secpod.oval:def:33748
The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to an unspecified vulnerability. A flaw is present in the application, which does not properly enforce the ADMIN OPTION restriction. Successful exploit ...

oval:org.secpod.oval:def:601218
Various vulnerabilities were discovered in PostgreSQL: * Shore up GRANT ... WITH ADMIN OPTION restrictions Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. ...

oval:org.secpod.oval:def:701584
postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:601219
Various vulnerabilities were discovered in PostgreSQL: * Shore up GRANT ... WITH ADMIN OPTION restrictions Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. ...

oval:org.secpod.oval:def:33756
The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to multiple buffer overflow vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitati ...

oval:org.secpod.oval:def:1500395
Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are av ...

oval:org.secpod.oval:def:601002
A vulnerability was discovered in PostgreSQL database server. Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess.

oval:org.secpod.oval:def:600873
Two vulnerabilities related to XML processing were discovered in PostgreSQL, an SQL database. CVE-2012-3488 contrib/xml2's xslt_process can be used to read and write external files and URLs. CVE-2012-3489 xml_parse fetches external files or URLs to resolve DTD and entity references in XML values. Th ...

oval:org.secpod.oval:def:500799
PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command mi ...

oval:org.secpod.oval:def:701240
postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database - postgresql-8.3: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:600741
Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-0866 It was discovered that the permissions of a function called by a trigger are not checked. This could ...

oval:org.secpod.oval:def:1500291
Updated postgresql and postgresql84 packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severit ...

oval:org.secpod.oval:def:202341
PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command mi ...

oval:org.secpod.oval:def:500800
PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command mi ...

oval:org.secpod.oval:def:701168
postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database - postgresql-8.3: Object-relational SQL database PostgreSQL could be made to crash if it received specially crafted input.

oval:org.secpod.oval:def:600972
Sumit Soni discovered that PostgreSQL, an object-relational SQL database, could be forced to crash when an internal function was called with invalid arguments, resulting in denial of service.

oval:org.secpod.oval:def:33772
The host is installed with PostgreSQL 8.3 before 8.3.19, 8.4 before 8.4.12, 9.0 before 9.0.8 or 9.1 before 9.1.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle (1) SECURITY DEFINER or (2) SET attributes to a procedural language ...

oval:org.secpod.oval:def:33771
The host is installed with PostgreSQL 8.3 before 8.3.18, 8.4 before 8.4.11, 9.0 before 9.0.7 or 9.1 before 9.1.3 and is prone to a spoofing vulnerability. A flaw is present in the application, which fails to properly handle truncation of the common name. Successful exploitation allows remote attacke ...

oval:org.secpod.oval:def:33774
The host is installed with PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9 or 9.1 before 9.1.5 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle an XML value that refers to (1) a DTD or (2) an entity, relat ...

oval:org.secpod.oval:def:33773
The host is installed with PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9 or 9.1 before 9.1.5 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle (1) stylesheet commands that are permitted by the libxslt sec ...

oval:org.secpod.oval:def:33770
The host is installed with PostgreSQL 8.3 before 8.3.18, 8.4 before 8.4.11, 9.0 before 9.0.7 or 9.1 before 9.1.3 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly check the execute permission for trigger functions marked SECURITY DEFI ...

oval:org.secpod.oval:def:10727
The host is installed with PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13 or 8.4.x before 8.4.17 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to the contrib/pgcrypto functions. Successful exploitation a ...

oval:org.secpod.oval:def:202453
PostgreSQL is an advanced object-relational database management system. It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations ...

oval:org.secpod.oval:def:500893
PostgreSQL is an advanced object-relational database management system. It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations ...

oval:org.secpod.oval:def:202450
PostgreSQL is an advanced object-relational database management system. It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations ...

oval:org.secpod.oval:def:500894
PostgreSQL is an advanced object-relational database management system. It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations ...

oval:org.secpod.oval:def:202337
PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command mi ...

oval:org.secpod.oval:def:9328
The host is installed with PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16 or 8.3.x before 8.3.23 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly declare the enum_recv function in backend/utils ...

oval:org.secpod.oval:def:33758
The host is installed with PostgreSQL 8.3 before 8.3.18, 8.4 before 8.4.11, 9.0 before 9.0.7 or 9.1 before 9.1.3 and is prone to a CRLF injection vulnerability. A flaw is present in the application, which fails to properly handle a crafted file containing object names with newlines, which are insert ...

oval:org.secpod.oval:def:501118
PostgreSQL is an advanced object-relational database management system. An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially cra ...

oval:org.secpod.oval:def:202960
PostgreSQL is an advanced object-relational database management system. An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially cra ...

oval:org.secpod.oval:def:700975
postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database - postgresql-8.3: Object-relational SQL database PostgreSQL could allow unintended access to files over the network when using the XML2 extension.

oval:org.secpod.oval:def:700881
postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database - postgresql-8.3: Object-relational SQL database PostgreSQL could be made to crash or incorrectly handle authentication.

oval:org.secpod.oval:def:500836
PostgreSQL is an advanced object-relational database management system. A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contai ...

oval:org.secpod.oval:def:600827
Two vulnerabilities were discovered in PostgreSQL, an SQL database server: CVE-2012-2143 The crypt function in the pgcrypto contrib module did not handle certain passwords correctly, ignoring characters after the first character which does not fall into the ASCII range. CVE-2012-2655 SECURITY DEFINE ...

oval:org.secpod.oval:def:202377
PostgreSQL is an advanced object-relational database management system. A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contai ...

CVE    24
CVE-2016-7048
CVE-2014-0066
CVE-2014-0065
CVE-2014-0060
...
*CPE
cpe:/a:postgresql:postgresql:8.4.4

© SecPod Technologies