562 matches found
PostgreSQL 'snprintf()' Information Disclosure Vulnerability
PostgreSQL is an object-relational database management system that supports an extended subset of SQL standards. In PostgreSQL versions 9.3 and 9.4, the replacement implementation of the function snprintf fails to check for errors reported by the lower-level database, which may result in...
[SECURITY] [DSA 3270-1] postgresql-9.4 security update
Debian Security Advisory DSA-3270-1 [email protected] http://www.debian.org/security/ Christoph Berg May 22, 2015 http://www.debian.org/security/faq -...
PostgreSQL 'constraint-violation' information disclosure vulnerability
PostgreSQL is an object-relational database management system that supports an extended subset of SQL standards. The PostgreSQL constraint-violation error message discloses sensitive information and allows attackers to exploit the vulnerability to obtain sensitive information...
UBUNTU-CVE-2015-0244
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an...
PostgreSQL 8.4.1 Denial Of Service Integer Overflow
PostgreSQL is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied data before using it in memory-allocation calculations. An attacker can exploit this issue to cause the affected application to crash. Due to the nature of this issue, remote code...
CVE-2014-0061
The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to b...
Debian DSA-2865-1 : postgresql-9.1 - several vulnerabilities
Various vulnerabilities were discovered in PostgreSQL: - CVE-2014-0060 Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch) Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily...
CVE-2013-4422
SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message...
USN-1717-1: PostgreSQL vulnerability
Sumit Soni discovered that PostgreSQL incorrectly handled calling a certain internal function with invalid arguments. An authenticated attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service...
CentOS Update for postgresql84 CESA-2012:1263 centos5
Check for the Version of postgresql84 OpenVAS Vulnerability Test CentOS Update for postgresql84 CESA-2012:1263 centos5 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...
postgresql: Ability of database owners to install procedural languages via CREATE LANGUAGE found unsafe (DoS)
PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler...
postgresql: MITM due to improper x509_v3 CN validation during certificate verification
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters...
DEBIAN-CVE-2011-2483
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...
PL/Tcl): SECURITY DEFINER function keyword bypass
The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allow...
CVE-2010-1447
The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended 1...
PostgreSQL: PL/Tcl Intended restriction bypass
The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remo...
Ubuntu Update for PostgreSQL vulnerability USN-933-1
Ubuntu Update for Linux kernel vulnerabilities USN-933-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9331.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for PostgreSQL vulnerability USN-933-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
CVE-2009-3229
CVE-2009-3229 affects PostgreSQL core server components: versions 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 are vulnerable. Remote authenticated users can trigger a denial of service (backend shutdown) by re-loading libraries from a specific plugins directory. Remediation is to ap...
PT-2009-5547 · Postgresql · Postgresql
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 8.2 through 8.2.14 PostgreSQL versions 8.3 through 8.3.8 Description: The issue allows remote attackers to bypass authentication via an empty password when using LDAP authentication with anonymous binds. If PostgreSQL is...
dblink allows proxying of database connections via 127.0.0.1
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1...