Lucene search

331 matches found

Tenable Nessus
added 2020/03/13 12:0 a.m. | 42 views

GLSA-202003-03 : PostgreSQL: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202003-03 PostgreSQL: Multiple vulnerabilities Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrar...

CVSS 9 | AI score 7.1 | EPSS 0.03711
Exploits 0 | References 5

RedhatCVE
added 2019/10/09 11:45 a.m. | 63 views

CVE-2017-9798

A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash...

CVSS 7.5 | AI score 0.1 | EPSS 0.94999
Exploits 9 | References 2

Mageia
added 2019/08/18 12:39 p.m. | 36 views

Updated postgresql packages fix security vulnerabilities

Updated postgresql packages fix security vulnerabilities: Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact...

CVSS 8.8 | AI score 3.6 | EPSS 0.0217
Exploits 0 | References 5

OSV
added 2019/08/18 12:39 p.m. | 8 views

MGASA-2019-0225 Updated postgresql packages fix security vulnerabilities

Updated postgresql packages fix security vulnerabilities: Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact...

CVSS 8.8 | AI score 6.8 | EPSS 0.0217
Exploits 0 | References 6

Tenable Nessus
added 2019/08/12 12:0 a.m. | 44 views

FreeBSD : PostgresSQL -- TYPE in pg_temp execute arbitrary SQL during `SECURITY DEFINER` execution (9de4c1c1-b9ee-11e9-82aa-6cc21735f730)

The PostgreSQL project reports : Versions Affected: 9.4 - 11 Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact...

CVSS 8.8 | AI score 6.8 | EPSS 0.03184
Exploits 0 | References 4

CNVD
added 2019/08/09 12:0 a.m. | 1 views

PostgreSQL Information Disclosure Vulnerability (CNVD-2019-26833)

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. A security vulnerability exists in PostgreSQL version 11. This...

CVSS 3.5 | AI score 7.4 | EPSS 0.01079
Exploits 0 | References 1

OpenVAS
added 2019/08/01 12:0 a.m. | 61 views

PostgreSQL 11.x < 11.3 Memory Disclosure Vulnerability - Windows

PostgreSQL is prone to a memory disclosure vulnerability in the partition routing. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.5 | AI score 6.6 | EPSS 0.01633
Exploits 0 | References 1

AlpineLinux
added 2019/07/30 4:10 p.m. | 31 views

CVE-2019-10129

A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. Exploit prerequisites...

CVSS 6.5 | AI score 6.6 | EPSS 0.01633
Exploits 0

CNVD
added 2019/05/14 12:0 a.m. | 1 views

PostgreSQL memory leak vulnerability (CNVD-2019-16482)

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. There is a security vulnerability in PostgreSQL. An attacker can...

CVSS 6.5 | AI score 7.3 | EPSS 0.01633
Exploits 0 | References 1

Tenable Nessus
added 2019/05/14 12:0 a.m. | 78 views

EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1545)

According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize functio...

CVSS 10 | AI score 8 | EPSS 0.42401
Exploits 25 | References 16

Tenable Nessus
added 2019/05/14 12:0 a.m. | 38 views

Ubuntu 16.04 LTS / 18.04 LTS : PostgreSQL vulnerabilities (USN-3972-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3972-1 advisory. It was discovered that PostgreSQL incorrectly handled partition routing. A remote user could possibly use this issue to read arbitrary bytes ...

CVSS 6.5 | AI score 6.8 | EPSS 0.01633
Exploits 0 | References 3

Ubuntu
added 2019/05/13 12:3 p.m. | 162 views

USN-3972-1: PostgreSQL vulnerabilities

It was discovered that PostgreSQL incorrectly handled partition routing. A remote user could possibly use this issue to read arbitrary bytes of server memory. This issue only affected Ubuntu 19.04. CVE-2019-10129 Dean Rasheed discovered that PostgreSQL incorrectly handled selectivity estimators. ...

CVSS 6.5 | AI score 6.7 | EPSS 0.01633
Exploits 0

RedhatCVE
added 2019/05/13 7:21 a.m. | 32 views

CVE-2019-10129

Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. Exploit prerequisites are the same as for CVE-2018-1052...

CVSS 6.5 | AI score 6.7 | EPSS 0.01826
Exploits 0 | References 4

FreeBSD
added 2019/05/09 12:0 a.m. | 49 views

PostgreSQL -- Memory disclosure in partition routing

The PostgreSQL project reports: Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table...

CVSS 6.5 | AI score 2 | EPSS 0.01633
Exploits 0 | References 1

Veracode
added 2019/05/02 6:37 a.m. | 27 views

Information Disclosure

samba is vulnerable to information disclosure. This is due to the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by t...

CVSS 7.1 | AI score 6.6 | EPSS 0.0759
Exploits 0 | References 16 | Affected Software 2

Microsoft KB
added 2019/03/12 12:0 a.m. | 5 views

July 24, 2018—KB4338827 (OS Build 15063.1235)

July 24, 2018—KB4338827 OS Build 15063.1235 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses additional issues with updated time zone information. Changes the music metadata servi...

AI score 5.9
Exploits 0

BDU FSTEC
added 2019/01/18 12:0 a.m. | 14 views

The vulnerability of the remote procedure call handler “arpc_Span” in the atlcore_.dll library of the resource management system of the Galaktika ERP system allows a malicious actor to read data from the memory of the server process.

The vulnerability of the process handler for remote procedure calls in the “arpcSpan” module of the atlcore.dll library of the resource management system of the Galaktika ERP system is related to the lack of validation for the correctness of received requests. Exploiting this vulnerability allows...

CVSS 4.3 | AI score 5.5
Exploits 0 | Affected Software 1

Veracode
added 2019/01/15 9:8 a.m. | 19 views

Denial Of Service (DoS)

postgresql is vulnerable to denial of service. A memory leak error was discovered in the crypt function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory...

CVSS 6.4 | AI score 8.1 | EPSS 0.04532
Exploits 0 | References 20 | Affected Software 3

Tenable Nessus
added 2018/12/07 12:0 a.m. | 58 views

Amazon Linux AMI : postgresql96 (ALAS-2018-1119)

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could bypass client-side...

CVSS 9.1 | AI score 6.9 | EPSS 0.05154
Exploits 0 | References 4

Tenable Nessus
added 2018/11/09 12:0 a.m. | 62 views

Debian DSA-4335-1 : nginx - security update

Three vulnerabilities were discovered in Nginx, a high-performance web and reverse proxy server, which could result in denial of service in processing HTTP/2 via excessive memory/CPU usage or server memory disclosure in the ngx_http_mp4_module module used for server-side MP4 streaming. C Tenable...

CVSS 8.2 | AI score 6.6 | EPSS 0.47057
Exploits 1 | References 6