Download
| Alert*
|
oval:org.secpod.oval:def:1800030
CVE-2017-7484: selectivity estimators bypass SELECT privilege checks; Fixed In Version: postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3 oval:org.secpod.oval:def:1800777 CVE-2017-12172: Start scripts permit database administrator to modify root-owned files CVE-2017-15098: Memory disclosure in JSON functions CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges Fixed In: postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql ... oval:org.secpod.oval:def:1800286 CVE-2017-12172: Start scripts permit database administrator to modify root-owned files CVE-2017-15098: Memory disclosure in JSON functions CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges Fixed In: postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql ... oval:org.secpod.oval:def:1800769 CVE-2017-12172: Start scripts permit database administrator to modify root-owned files CVE-2017-15098: Memory disclosure in JSON functions CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges Fixed In postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql ... oval:org.secpod.oval:def:33741 The host is installed with PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, or 9.5.x before 9.5.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a large Unicode character range in a regular express ... oval:org.secpod.oval:def:1800264 CVE-2016-5423: CASE/WHEN with in lining can cause untrusted pointer dereference. Fixed In Version: postgresql 9.5.4, postgresql 9.4.9, postgresql 9.3.14, postgresql 9.2.18, postgresql 9.1.23 CVE-2016-5424: database and role names with embedded special characters can allow code injection during admi ... oval:org.secpod.oval:def:38564 The host is installed with PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, or 9.5.x before 9.5.4 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle a (1) " (double quote), (2) \ (backslash), (3) ca ... oval:org.secpod.oval:def:38565 The host is installed with PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, or 9.5.x before 9.5.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a CASE expression or inlining of an SQL function. Su ... oval:org.secpod.oval:def:204153 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a newer upstream version: postgresql . Security Fix: * A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authentic ... oval:org.secpod.oval:def:204556 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq"s refusal ... oval:org.secpod.oval:def:204660 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_sta ... oval:org.secpod.oval:def:33740 The host is installed with PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, or 9.5.x before 9.5.1 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly restrict access to unspecified custom configura ... oval:org.secpod.oval:def:51167 postgresql-10: Object-relational SQL database PostgreSQL could be made to run SQL statements as the administrator. oval:org.secpod.oval:def:1501972 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502111 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_sta ... oval:org.secpod.oval:def:1800481 CVE-2017-7484: selectivity estimators bypass SELECT privilege checks Fixed In Version postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3 oval:org.secpod.oval:def:44448 The host is installed with PostgreSQL 10.x before 10.1, 9.2.x before 9.2.24, 9.3.x before 9.3.20, 9.4.x before 9.4.15, 9.5.x before 9.5.10 or 9.6.x before 9.6.6 and is prone to a remote privilege escalation vulnerability. The flaws present in the application fails to handle the initialization script ... oval:org.secpod.oval:def:204722 PostgreSQL is an advanced object-relational database management system . Security Fix: * Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Note: T ... oval:org.secpod.oval:def:1502087 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1800296 CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: lo_put function ignores ACLs Fixed In Version: postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, postg ... oval:org.secpod.oval:def:1800213 CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: lo_put function ignores ACLs Fixed In Version: postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, postg ... oval:org.secpod.oval:def:1800735 CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: lo_put function ignores ACLs Fixed In Version postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, postgr ... oval:org.secpod.oval:def:1800044 CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: lo_put function ignores ACLs Fixed In Version:¶ postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, ... oval:org.secpod.oval:def:204570 PostgreSQL is an advanced object-relational database management system . Security Fix: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq"s refusal to send an empty password. A remote attacker could potentially use this flaw to gain ... oval:org.secpod.oval:def:52694 postgresql-9.4: Object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database PostgreSQL could be made to crash or run programs if it handled specially crafted data. oval:org.secpod.oval:def:51017 postgresql-10: object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:52947 postgresql-10: object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:53393 Two vulnerabilities have been found in the PostgreSQL database system: CVE-2018-10915 Andrew Krasichkov discovered that libpq did not reset all its connection state during reconnects. CVE-2018-10925 It was discovered that some "CREATE TABLE" statements could disclose server memory. For add ... oval:org.secpod.oval:def:51620 postgresql-9.5: object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:44445 The host is installed with PostgreSQL 9.4.x before 9.4.13, 9.5.x before 9.5.8 or 9.6.x before 9.6.4 and is prone to remote denial of service vulnerability. The flaws present in the application fails to handle exceptional conditions. Successful exploitation allows attackers to cause a denial-of-servi ... oval:org.secpod.oval:def:44446 The host is installed with PostgreSQL 9.2.x before 9.2.22, 9.3.x before 9.3.18, 9.4.x before 9.4.13, 9.5.x before 9.5.8 or 9.6.x before 9.6.4 and is prone to an information disclosure vulnerability. The flaws present in the application fails to handle an authorization issue. Successful exploitation ... oval:org.secpod.oval:def:44447 The host is installed with PostgreSQL 9.2.x before 9.2.22, 9.3.x before 9.3.18, 9.4.x before 9.4.13, 9.5.x before 9.5.8 or 9.6.x before 9.6.4 and is prone to an authentication bypass vulnerability. The flaws present in the application fails to handle an authentication issue. Successful exploitation ... oval:org.secpod.oval:def:52194 postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:502136 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq"s refusal ... oval:org.secpod.oval:def:51932 postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:1502025 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:44451 The host is installed with PostgreSQL 10.x before 10.1, 9.3.x before 9.3.20, 9.4.x before 9.4.15, 9.5.x before 9.5.10 or 9.6.x before 9.6.6 and is prone to a memory disclosure vulnerability. The flaw present in the application fails to handle the json function call issue. Successful exploitation all ... oval:org.secpod.oval:def:53178 Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-15098 Denial of service and potential memory disclosure in the json_populate_recordset and jsonb_populate_recordset functions CVE-2017-15099 Insufficient permissions checks in "INSERT ... ON CONFLICT DO UPDATE&q ... oval:org.secpod.oval:def:1502031 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502149 PostgreSQL is an advanced object-relational database management system . Security Fix: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq"s refusal to send an empty password. A remote attacker could potentially use this flaw to gain ... oval:org.secpod.oval:def:113099 PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ... oval:org.secpod.oval:def:113056 PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ... oval:org.secpod.oval:def:51871 postgresql-9.6: object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:603041 Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7546 In some authentication methods empty passwords were accepted. CVE-2017-7547 User mappings could leak data to unprivileged users. CVE-2017-7548 The lo_put function ignored ACLs. For more in-depth descriptions of ... oval:org.secpod.oval:def:53112 Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7546 In some authentication methods empty passwords were accepted. CVE-2017-7547 User mappings could leak data to unprivileged users. CVE-2017-7548 The lo_put function ignored ACLs. For more in-depth descriptions of ... oval:org.secpod.oval:def:703885 postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:45857 The host is installed with PostgreSQL 10.x before 10.2, 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11 or 9.6.x before 9.6.7 and is prone to an information disclosure vulnerability. The flaw present in the application fails to handle issues in pg_upgrade function. Successful exploitat ... oval:org.secpod.oval:def:52087 postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database PostgreSQL could be made to expose sensitive information. oval:org.secpod.oval:def:704211 postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database PostgreSQL could be made to expose sensitive information. oval:org.secpod.oval:def:45859 The host is installed with PostgreSQL 9.3 through 10 and is prone to a privilege escalation vulnerability. The flaw present in the application fails to prevent a user from modifying the behavior of a query for other users.. Successful exploitation allows attackers to execute code with the permission ... oval:org.secpod.oval:def:52091 postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database PostgreSQL could be made to execute arbitrary code. oval:org.secpod.oval:def:704217 postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database PostgreSQL could be made to execute arbitrary code. |
