Download
| Alert*
oval:org.secpod.oval:def:1800030
CVE-2017-7484: selectivity estimators bypass SELECT privilege checks; Fixed In Version: postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3 oval:org.secpod.oval:def:1800777 CVE-2017-12172: Start scripts permit database administrator to modify root-owned files CVE-2017-15098: Memory disclosure in JSON functions CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges Fixed In: postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql ... oval:org.secpod.oval:def:1800286 CVE-2017-12172: Start scripts permit database administrator to modify root-owned files CVE-2017-15098: Memory disclosure in JSON functions CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges Fixed In: postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql ... oval:org.secpod.oval:def:1800769 CVE-2017-12172: Start scripts permit database administrator to modify root-owned files CVE-2017-15098: Memory disclosure in JSON functions CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges Fixed In postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql ... oval:org.secpod.oval:def:33741 The host is installed with PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, or 9.5.x before 9.5.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a large Unicode character range in a regular express ... oval:org.secpod.oval:def:1800264 CVE-2016-5423: CASE/WHEN with in lining can cause untrusted pointer dereference. Fixed In Version: postgresql 9.5.4, postgresql 9.4.9, postgresql 9.3.14, postgresql 9.2.18, postgresql 9.1.23 CVE-2016-5424: database and role names with embedded special characters can allow code injection during admi ... oval:org.secpod.oval:def:38564 The host is installed with PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, or 9.5.x before 9.5.4 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle a (1) " (double quote), (2) \ (backslash), (3) ca ... oval:org.secpod.oval:def:38565 The host is installed with PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, or 9.5.x before 9.5.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a CASE expression or inlining of an SQL function. Su ... oval:org.secpod.oval:def:702572 postgresql-9.4: Object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:702414 postgresql-9.4 is installed oval:org.secpod.oval:def:204153 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a newer upstream version: postgresql . Security Fix: * A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authentic ... oval:org.secpod.oval:def:702408 postgresql-9.4: Object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:204556 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq"s refusal ... oval:org.secpod.oval:def:702407 binutils: GNU assembler, linker and binary utilities Applications from GNU binutils could be made to crash, run programs, or delete arbitrary files as your login if they opened a specially crafted file. oval:org.secpod.oval:def:204660 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_sta ... oval:org.secpod.oval:def:33740 The host is installed with PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, or 9.5.x before 9.5.1 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly restrict access to unspecified custom configura ... oval:org.secpod.oval:def:702964 postgresql-9.4: Object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database PostgreSQL could be made to crash or run programs if it handled specially crafted data. oval:org.secpod.oval:def:1501972 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:602879 Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7484 Robert Haas discovered that some selectivity estimators did not validate user privileges which could result in information disclosure. CVE-2017-7485 Daniel Gustafsson discovered that the PGREQUIRESSL environment ... oval:org.secpod.oval:def:502111 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_sta ... oval:org.secpod.oval:def:1800481 CVE-2017-7484: selectivity estimators bypass SELECT privilege checks Fixed In Version postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3 oval:org.secpod.oval:def:44448 The host is installed with PostgreSQL 10.x before 10.1, 9.2.x before 9.2.24, 9.3.x before 9.3.20, 9.4.x before 9.4.15, 9.5.x before 9.5.10 or 9.6.x before 9.6.6 and is prone to a remote privilege escalation vulnerability. The flaws present in the application fails to handle the initialization script ... oval:org.secpod.oval:def:204722 PostgreSQL is an advanced object-relational database management system . Security Fix: * Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Note: T ... oval:org.secpod.oval:def:1502087 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:30208 postgresql-9.4: Object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database PostgreSQL could be made to crash or expose private information if it handled specially crafted data. oval:org.secpod.oval:def:1800296 CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: lo_put function ignores ACLs Fixed In Version: postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, postg ... oval:org.secpod.oval:def:1800213 CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: lo_put function ignores ACLs Fixed In Version: postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, postg ... oval:org.secpod.oval:def:1800735 CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: lo_put function ignores ACLs Fixed In Version postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, postgr ... oval:org.secpod.oval:def:1800044 CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: lo_put function ignores ACLs Fixed In Version:¶ postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, ... oval:org.secpod.oval:def:602111 Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2015-3165 SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 The replacement implementation of snprintf failed to check for errors reported by th ... oval:org.secpod.oval:def:204570 PostgreSQL is an advanced object-relational database management system . Security Fix: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq"s refusal to send an empty password. A remote attacker could potentially use this flaw to gain ... oval:org.secpod.oval:def:602368 Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2016-0766 A privilege escalation vulnerability for users of PL/Java was discovered. Certain custom configuration settings for PL/Java will now be modifiable only by the database superuser to mitigate this issue. C ... oval:org.secpod.oval:def:602248 Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2015-5288 Josh Kupershmidt discovered a vulnerability in the crypt function in the pgCrypto extension. Certain invalid salt arguments can cause the server to crash or to disclose a few bytes of server memory. CVE-2 ... oval:org.secpod.oval:def:52694 postgresql-9.4: Object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database PostgreSQL could be made to crash or run programs if it handled specially crafted data. oval:org.secpod.oval:def:51620 postgresql-9.5: object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:602588 Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2016-5423 Karthikeyan Jambu Rajaraman discovered that nested CASE-WHEN expressions are not properly evaluated, potentially leading to a crash or allowing to disclose portions of server memory. CVE-2016-5424 Nathan ... oval:org.secpod.oval:def:44445 The host is installed with PostgreSQL 9.4.x before 9.4.13, 9.5.x before 9.5.8 or 9.6.x before 9.6.4 and is prone to remote denial of service vulnerability. The flaws present in the application fails to handle exceptional conditions. Successful exploitation allows attackers to cause a denial-of-servi ... oval:org.secpod.oval:def:44446 The host is installed with PostgreSQL 9.2.x before 9.2.22, 9.3.x before 9.3.18, 9.4.x before 9.4.13, 9.5.x before 9.5.8 or 9.6.x before 9.6.4 and is prone to an information disclosure vulnerability. The flaws present in the application fails to handle an authorization issue. Successful exploitation ... oval:org.secpod.oval:def:44447 The host is installed with PostgreSQL 9.2.x before 9.2.22, 9.3.x before 9.3.18, 9.4.x before 9.4.13, 9.5.x before 9.5.8 or 9.6.x before 9.6.4 and is prone to an authentication bypass vulnerability. The flaws present in the application fails to handle an authentication issue. Successful exploitation ... oval:org.secpod.oval:def:52194 postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:502136 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq"s refusal ... oval:org.secpod.oval:def:51932 postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:1502025 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:44451 The host is installed with PostgreSQL 10.x before 10.1, 9.3.x before 9.3.20, 9.4.x before 9.4.15, 9.5.x before 9.5.10 or 9.6.x before 9.6.6 and is prone to a memory disclosure vulnerability. The flaw present in the application fails to handle the json function call issue. Successful exploitation all ... oval:org.secpod.oval:def:53178 Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-15098 Denial of service and potential memory disclosure in the json_populate_recordset and jsonb_populate_recordset functions CVE-2017-15099 Insufficient permissions checks in "INSERT ... ON CONFLICT DO UPDATE&q ... oval:org.secpod.oval:def:1502031 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502149 PostgreSQL is an advanced object-relational database management system . Security Fix: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq"s refusal to send an empty password. A remote attacker could potentially use this flaw to gain ... oval:org.secpod.oval:def:113099 PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ... oval:org.secpod.oval:def:113056 PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ... oval:org.secpod.oval:def:51871 postgresql-9.6: object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:603163 A vulnerability has been found in the PostgreSQL database system: Denial of service and potential memory disclosure in the json_populate_recordset and jsonb_populate_recordset functions. oval:org.secpod.oval:def:603041 Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7546 In some authentication methods empty passwords were accepted. CVE-2017-7547 User mappings could leak data to unprivileged users. CVE-2017-7548 The lo_put function ignored ACLs. For more in-depth descriptions of ... oval:org.secpod.oval:def:53112 Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7546 In some authentication methods empty passwords were accepted. CVE-2017-7547 User mappings could leak data to unprivileged users. CVE-2017-7548 The lo_put function ignored ACLs. For more in-depth descriptions of ... oval:org.secpod.oval:def:703885 postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:45859 The host is installed with PostgreSQL 9.3 through 10 and is prone to a privilege escalation vulnerability. The flaw present in the application fails to prevent a user from modifying the behavior of a query for other users.. Successful exploitation allows attackers to execute code with the permission ... oval:org.secpod.oval:def:52091 postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database PostgreSQL could be made to execute arbitrary code. oval:org.secpod.oval:def:704217 postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database PostgreSQL could be made to execute arbitrary code. |