331 matches found
postgresql: Buffer overrun from integer overflow in array subscripting calculations
A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...
CVE-2021-23211
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3...
CVE-2021-23182
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; All versions of 8.30...
CVE-2021-23211
CVE-2021-23211 affects Gallagher Command Centre Server (Gallagher Command Centre 8.40 prior to 8.40.1888 MR3). The root cause is Cleartext Storage of Sensitive Information in Memory, allowing the Cloud end-to-end encryption key to be recoverable from server memory dumps. The connected PT-2021-154...
PT-2021-15406 · Gallagher · Gallagher Command Centre
Name of the Vulnerable Software and Affected Versions: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3 Description: The issue concerns a Cleartext Storage of Sensitive Information in Memory vulnerability in the Gallagher Command Centre Server. This vulnerability allows the Cloud...
postgresql: Memory disclosure in partitioned-table UPDATE ... RETURNING
A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...
postgresql: Buffer overrun from integer overflow in array subscripting calculations
A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...
postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...
CVE-2021-32027
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this...
Out-of-bounds
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this...
CVE-2021-32027
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this...
CVE-2021-32027
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this...
CVE-2021-32028
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...
CVE-2021-32027
A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...
Denial Of Service (DoS)
postgresql is vulnerable to denial of service DoS. The vulnerability exists through the lack of bounds check during the modification of certain SQL array values, allowing authenticated database users write arbitrary bytes to a wide area of server memory...
Information Disclosure
postgresql is vulnerable to information disclosure. An attacker can read arbitrary bytes of server memory using the UPDATE ... RETURNING statements on a purpose-crafted partitioned table...
Information Disclosure
postgresql is vulnerable to information disclosure. The vulnerability exists through the use of an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, allowing arbitrary bytes of server memory to be read. The CREATE and TEMPORARY privileges on all databases and the CREATE...
PostgreSQL 信息泄露漏洞
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. An information disclosure vulnerability exists in PostgreSQL. An...
PostgreSQL -- Memory disclosure in partitioned-table UPDATE ... RETURNING
The PostgreSQL project reports: Using an UPDATE ... RETURNING on a purpose-crafted partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will. A user lacki...
CVE-2018-10925
It was discovered that PostgreSQL failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limit...