SUSE-SU-2020:3455-1 Security update for postgresql10
This update for postgresql10 fixes the following issues: - Upgrade to version 10.15: CVE-2020-25695, bsc1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. CVE-2020-25694, bsc1178667: a) Fix usage of complex...
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack or the ability to observe clear-text transmissions could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
...
PostgreSQL Resource Management Error Vulnerability
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. A resource management error vulnerability exists in PostgreSQL: if security-related parameters are dropped, an attacker could use this vulnerability to complete a MITM...
UBUNTU-CVE-2020-25694
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportuni...
UBUNTU-CVE-2020-25695
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...
postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to drop objects such as functions, triggers, et al., leading to database corruption...
postgresql: Stack-based buffer overflow via setting a password
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the...
UBUNTU-CVE-2020-17446
asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code on a database client via a crafted server response, because of access to an uninitialized pointer in the array data decoder...
postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML
A flaw was found in PostgreSQL JDBC in versions prior to 42.2.13. An XML External Entity (XXE) weakness was found in PostgreSQL JDBC. The highest threat from this vulnerability is to data confidentiality and system availability...
Huawei EulerOS: Security Advisory for postgresql (EulerOS-SA-2020-1587)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP8 : postgresql (EulerOS-SA-2020-1587)
According to the version of the postgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: A flaw was found in PostgreSQL's 'ALTER ... DEPENDS ON EXTENSION', where sub-commands did not perform authorization checks. An authenticated...
Denial Of Service (DoS)
PostgreSQL is vulnerable to denial of service. Several denial of service flaws were found in the PostgreSQL server. An authenticated user could execute an SQL command which could crash the PostgreSQL server...
CVE-2019-10209
PostgreSQL versions 11.x before 11.5 are vulnerable to a memory disclosure in cross-type comparison for hashed subplan...
Authorization Bypass
PostgreSQL is vulnerable to authorization bypass. The vulnerability exists because ALTER ... DEPENDS ON EXTENSION is missing authorization checks...
Authorization
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to drop objects such as functions, triggers, et al., leading to database corruption. This issu...
CVE-2020-1720
Removed by vendor...
CVE-2020-1720
CVE-2020-1720 discusses a PostgreSQL flaw in ALTER ... DEPENDS ON EXTENSION where sub-commands did not perform authorization checks. An authenticated attacker could, in certain configurations, drop objects (functions, triggers, etc.) causing database corruption. Affected versions are PostgreSQL p...
CVE-2020-1720
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to drop objects such as functions, triggers, et al., leading to database corruption. This issu...
CVE-2014-8161
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message...
The vulnerability of the “INSERT ... ON CONFLICT DO UPDATE” command implementation in the PostgreSQL database management system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the “INSERT ... ON CONFLICT DO UPDATE” command in the PostgreSQL database management system is related to the lack of protection for operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...