Lucene search

K
nessusTenable6744.PRM
HistoryApr 05, 2013 - 12:00 a.m.

PostgreSQL < 9.1.9 / 9.2.4 Multiple Vulnerabilities

2013-04-0500:00:00
Tenable
www.tenable.com
12

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

Versions of PostgreSQL earlier than 9.1.9 or 9.2.4 and are potentially affected by the following vulnerabilities :

  • A denial of service when parsing server command-line switches. (CVE-2013-1899)

  • An information disclosure due to an error in the ‘contrib\pgcrypto’ functions. (CVE-2013-1900)

  • Is is prone to a security-bypass, the server component fails to properly handle REPLICATION privilege checks for the current user. (CVE-2013-1901)

  • An insecure temporary file-creation, specifically occurs when a file with a predictable filename in the ‘/tmp’ directory is created. (CVE-2013-1902)

  • A password disclosure vulnerability occurs due to the application passing the database superuser passwords to a script, specifically exists in the graphical installers package. (CVE-2013-1093)

Binary data 6744.prm
VendorProductVersionCPE
postgresqlpostgresqlcpe:/a:postgresql:postgresql

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%