Versions of PostgreSQL earlier than 9.1.3, 9.0.7, 8.4.11 and are potentially affected by the following vulnerabilities :
Permissions on a function called by a trigger are not properly checked. (CVE-2012-0866)
SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances when using third party certificates. (CVE-2012-0867)
Line breaks in object names can be exploited to execute arbitrary SQL when reloading a pg_dump file. (CVE-2012-0868)
Binary data 6337.prm
Vendor | Product | Version | CPE |
---|---|---|---|
postgresql | postgresql | cpe:/a:postgresql:postgresql |