50 matches found
PostgreSQL 9.2.x < 9.2.21 / 9.3.x < 9.3.17 / 9.4.x < 9.4.12 / 9.5.x < 9.5.7 / 9.6.x < 9.6.3 Multiple Vulnerabilities
Binary data 700120.prm...
Debian DSA-3851-1 : postgresql-9.4 - security update
Several vulnerabilities have been found in the PostgreSQL database system : - CVE-2017-7484 Robert Haas discovered that some selectivity estimators did not validate user privileges which could result in information disclosure. - CVE-2017-7485 Daniel Gustafsson discovered that the PGREQUIRESSL...
PostgreSQL Multiple Information Disclosure Vulnerabilities (May 2017) - Windows
PostgreSQL is prone to multiple information disclosure vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
[SECURITY] [DSA 3851-1] postgresql-9.4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3851-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 12, 2017 https://www.debian.org/security/faq -...
CVE-2017-7486
CVE-2017-7486 affects PostgreSQL 8.4–9.6 where the pg_user_mappings view could disclose foreign server credentials to any user with USAGE privilege on the foreign server. Root cause: information leakage via pg_user_mappings. Impact: potential exposure of usernames and passwords used to connect to...
CVE-2017-7486
It was found that the pgusermappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password use...
CVE-2016-7486
...
CVE-2016-7486
The CVE-2016-7486 entry is rejected/not used and does not represent an active vulnerability.
PostgreSQL vulnerabilities
The PostgreSQL project reports: Security Fixes nested CASE expressions + database and role names with embedded special characters CVE-2017-7484: selectivity estimators bypass SELECT privilege checks. CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable CVE-2017-7486: pgusermappings view...
CVE-2014-7486
The CVE-2014-7486 entry concerns the Mitsubishi Road Assist (com.agero.mitsubishi) Android app version 1.0. The vulnerability arises because the app does not verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and glean sensitive information via a cra...