[USN-1789-1] PostgreSQL vulnerabilities

========================================================================== Ubuntu Security Notice USN-1789-1 April 04, 2013 postgresql-8.3, postgresql-8.4, postgresql-9.1 vulnerabilities ========================================================================== A security issue affects these...

Ubuntu Update for postgresql-9.1 USN-1789-1

Check for the Version of postgresql-9.1 OpenVAS Vulnerability Test $Id: gbubuntuUSN17891.nasl 8542 2018-01-26 06:57:28Z teissa $ Ubuntu Update for postgresql-9.1 USN-1789-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program i...

Debian DSA-2657-1 : postgresql-8.4 - guessable random numbers

A vulnerability was discovered in PostgreSQL database server. Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debi...

Code injection

PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."...

CVE-2013-1900

PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."...

CVE-2013-1900

CVE-2013-1900 affects PostgreSQL across multiple branches (9.2.x <9.2.4, 9.1.x <9.1.9, 9.0.x <9.0.13, 8.4.x

Vulnerability in contrib module (CVE-2013-1900)

Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess...

[BSA-080] Security Update for postgresql-9.1

Package : postgresql-9.1 Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 Debian Bug : 704479 Several vulnerabilities were discovered in PostgreSQL database server. CVE-2013-1899 Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open...

USN-1789-1: PostgreSQL vulnerabilities

Mitsumasa Kondo and Kyotaro Horiguchi discovered that PostgreSQL incorrectly handled certain connection requests containing database names starting with a dash. A remote attacker could use this flaw to damage or destroy files within a server's data directory. This issue only applied to Ubuntu...

[SECURITY] [DSA 2657-1] postgresql-8.4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2657-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano April 04, 2013 http://www.debian.org/security/faq -...

[SECURITY] [DSA 2657-1] postgresql-8.4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2657-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano April 04, 2013 http://www.debian.org/security/faq -...

Debian Security Advisory DSA 2658-1 (postgresql-9.1 - several vulnerabilities)

Several vulnerabilities were discovered in PostgreSQL database server. CVE-2013-1899Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center discovered that it was possible for a connection request containing a database name that begins with - to be crafted that can damage or...

Debian Security Advisory DSA 2657-1 (postgresql-8.4 - guessable random numbers)

A vulnerability was discovered in PostgreSQL database server. Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess. OpenVAS Vulnerability Test $Id: deb2657.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2657-1 using nvtg...

DSA-2657-1 postgresql-8.4 - guessable random numbers

Bulletin has no description...

pyrad -- multiple vulnerabilities

Nathaniel McCallum reports: packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. The CreateID function in packet.py in pyrad before 2.1 uses...

Design/Logic Flaw

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key...

CVE-2012-2681

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key...

CVE-2012-2681

CVE-2012-2681 affects Cumin before 0.1.5444 used in Red Hat Enterprise Messaging/Realtime/Grid (MRG) 2.0. It uses predictable random numbers to generate session keys, making it easier for remote attackers to guess the session key. Connected advisories indicate Red Hat security updates for the Gri...

CVE-2012-1581

MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users...

CVE-2012-1581

MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users. Any extension developers using mtrand to generate random numbers in contexts where security is require...