Download
| Alert*
|
oval:org.secpod.oval:def:1800030
CVE-2017-7484: selectivity estimators bypass SELECT privilege checks; Fixed In Version: postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3 oval:org.secpod.oval:def:33754 The host is installed with PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle vectors related to the (1) hstore_recv, (2) hstore_from_ ... oval:org.secpod.oval:def:33753 The host is installed with PostgreSQL 9.3.3 or earlier versions and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests. Successful exp ... oval:org.secpod.oval:def:204660 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_sta ... oval:org.secpod.oval:def:1501972 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502111 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_sta ... oval:org.secpod.oval:def:1800481 CVE-2017-7484: selectivity estimators bypass SELECT privilege checks Fixed In Version postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3 oval:org.secpod.oval:def:33755 The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to NULL pointer dereference vulnerability. A flaw is present in the application, which fails to properly check the return value of the crypt library fu ... oval:org.secpod.oval:def:33750 The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allow remote ... oval:org.secpod.oval:def:33752 The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation all ... oval:org.secpod.oval:def:33751 The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to multiple stack based buffer overflow vulnerabilities. The flaws are present in the application, which fails to handle vectors related to an incorrec ... oval:org.secpod.oval:def:203041 PostgreSQL is an advanced object-relational database management system . Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL ... oval:org.secpod.oval:def:203046 PostgreSQL is an advanced object-relational database management system . Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL ... oval:org.secpod.oval:def:33749 The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle a function that is (1) defined in another language ... oval:org.secpod.oval:def:33748 The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to an unspecified vulnerability. A flaw is present in the application, which does not properly enforce the ADMIN OPTION restriction. Successful exploit ... oval:org.secpod.oval:def:601218 Various vulnerabilities were discovered in PostgreSQL: * Shore up GRANT ... WITH ADMIN OPTION restrictions Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. ... oval:org.secpod.oval:def:701584 postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:601219 Various vulnerabilities were discovered in PostgreSQL: * Shore up GRANT ... WITH ADMIN OPTION restrictions Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. ... oval:org.secpod.oval:def:33756 The host is installed with PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7 or 9.3.x before 9.3.3 and is prone to multiple buffer overflow vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitati ... oval:org.secpod.oval:def:1500395 Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are av ... oval:org.secpod.oval:def:601002 A vulnerability was discovered in PostgreSQL database server. Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess. oval:org.secpod.oval:def:600873 Two vulnerabilities related to XML processing were discovered in PostgreSQL, an SQL database. CVE-2012-3488 contrib/xml2"s xslt_process can be used to read and write external files and URLs. CVE-2012-3489 xml_parse fetches external files or URLs to resolve DTD and entity references in XML values. Th ... oval:org.secpod.oval:def:701240 postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database - postgresql-8.3: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:1500291 Updated postgresql and postgresql84 packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severit ... oval:org.secpod.oval:def:701168 postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database - postgresql-8.3: Object-relational SQL database PostgreSQL could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:600972 Sumit Soni discovered that PostgreSQL,an object-relational SQL database, could be forced to crash when an internal function was called with invalid arguments, resulting in denial of service. oval:org.secpod.oval:def:33772 The host is installed with PostgreSQL 8.3 before 8.3.19, 8.4 before 8.4.12, 9.0 before 9.0.8 or 9.1 before 9.1.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle (1) SECURITY DEFINER or (2) SET attributes to a procedural language ... oval:org.secpod.oval:def:33774 The host is installed with PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9 or 9.1 before 9.1.5 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle an XML value that refers to (1) a DTD or (2) an entity, relat ... oval:org.secpod.oval:def:33773 The host is installed with PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9 or 9.1 before 9.1.5 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle (1) stylesheet commands that are permitted by the libxslt sec ... oval:org.secpod.oval:def:10727 The host is installed with PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13 or 8.4.x before 8.4.17 and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to the contrib/pgcrypto functions. Successful exploitation a ... oval:org.secpod.oval:def:202453 PostgreSQL is an advanced object-relational database management system . It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations ... oval:org.secpod.oval:def:10728 The host is installed with PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9 or 9.0.x before 9.0.13 and is prone to argument injection vulnerability. A flaw is present in the application, which fails to handle a connection request using a database name that begins with a "-" (hyphen). Successful exp ... oval:org.secpod.oval:def:500893 PostgreSQL is an advanced object-relational database management system . It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations ... oval:org.secpod.oval:def:202450 PostgreSQL is an advanced object-relational database management system . It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations ... oval:org.secpod.oval:def:500894 PostgreSQL is an advanced object-relational database management system . It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations ... oval:org.secpod.oval:def:9328 The host is installed with PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16 or 8.3.x before 8.3.23 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly declare the enum_recv function in backend/utils ... oval:org.secpod.oval:def:501118 PostgreSQL is an advanced object-relational database management system . An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially cra ... oval:org.secpod.oval:def:202960 PostgreSQL is an advanced object-relational database management system . An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially cra ... oval:org.secpod.oval:def:700975 postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database - postgresql-8.3: Object-relational SQL database PostgreSQL could allow unintended access to files over the network when using the XML2 extension. oval:org.secpod.oval:def:700881 postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database - postgresql-8.3: Object-relational SQL database PostgreSQL could be made to crash or incorrectly handle authentication. oval:org.secpod.oval:def:500836 PostgreSQL is an advanced object-relational database management system . A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contai ... oval:org.secpod.oval:def:600827 Two vulnerabilities were discovered in PostgreSQL, an SQL database server: CVE-2012-2143 The crypt function in the pgcrypto contrib module did not handle certain passwords correctly, ignoring characters after the first character which does not fall into the ASCII range. CVE-2012-2655 SECURITY DEFINE ... oval:org.secpod.oval:def:202377 PostgreSQL is an advanced object-relational database management system . A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contai ... |
