558 matches found
USN-3589-1 postgresql-9.3, postgresql-9.5, postgresql-9.6 vulnerability
It was discovered that PostgreSQL incorrectly handled certain settings. An attacker could possibly use this issue to execute arbitrary code...
CVE-2017-12172
PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provid...
The vulnerability of the PostgreSQL database management system, caused by deficiencies in the authentication process, allows a hacker to obtain the password.
The vulnerability of the PostgreSQL database management system arises from deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain passwords without having the necessary privileges...
The vulnerability of the PostgreSQL database management system, related to deficiencies in the authentication process, allows attackers to gain access to the database account.
The vulnerability of the PostgreSQL database management system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to gain access to the database account with an empty password...
PostgreSQL Man-in-the-Middle Attack Vulnerability
PostgreSQL is a free object-relational database management system developed by the PostgreSQL development group. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. A security vulnerability exists in PostgreSQL. This...
PT-2017-3820 · Postgresql +3
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 9.2.21; PostgreSQL versions 9.3.x prior to 9.3.17; PostgreSQL versions 9.4.x prior to 9.4.12; PostgreSQL versions 9.5.x prior to 9.5.7; PostgreSQL versions 9.6.x prior to 9.6.3. Description: The issue is related to...
CVE-2016-5424
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character ...
CVE-2016-5423
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a...
The vulnerability of the PostgreSQL database management system allows a malicious individual to cause service failures or obtain confidential information.
The PostgreSQL database management system versions 9.2.x up to 9.2.3, 9.1.x up to 9.1.8, 9.0.x up to 9.0.12, 8.4.x up to 8.4.16, and 8.3.x up to 8.3.23 incorrectly handle the enum_recv function in the backend/utils/adt/enum.c interface. This allows authorized users to trigger server failures or...
The vulnerability of the PostgreSQL database management system allows a malicious attacker to induce a service failure.
The PostgreSQL software contains a vulnerability related to the incorrect processing of input data by one of the functions involved in data encryption. If this function is exploited, an unauthorized user can trigger a denial-of-service attack...
CVE-2016-3065
The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allow attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted byte...
CVE-2016-2193
PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role...
CVE-2016-0773
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression...
CVE-2016-0766
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors...
The vulnerability of the PostgreSQL database management system allows an attacker to cause a service failure or read arbitrary portions of the server’s memory.
The vulnerability of the crypt function in the contrib/pgcrypto component of the PostgreSQL database management system is related to the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor to cause service failures or read arbitrary portions of the...
MGASA-2015-0250 Updated postgresql package fixes security vulnerability
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session...
PostgreSQL 'snprintf()' Information Disclosure Vulnerability
PostgreSQL is an object-relational database management system that supports an extended subset of SQL standards. In PostgreSQL versions 9.3 and 9.4, the replacement implementation of the function snprintf fails to check for errors reported by the lower-level database, which may result in...
[SECURITY] [DSA 3270-1] postgresql-9.4 security update
Debian Security Advisory DSA-3270-1 · [email protected] · http://www.debian.org/security/ · Christoph Berg · May 22, 2015 · http://www.debian.org/security/faq ...
PostgreSQL 'constraint-violation' information disclosure vulnerability
PostgreSQL is an object-relational database management system that supports an extended subset of SQL standards. The PostgreSQL constraint-violation error message discloses sensitive information and allows attackers to exploit the vulnerability to obtain sensitive information...
UBUNTU-CVE-2015-0244
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an...