PostgreSQL: Multiple vulnerabilities

Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the referenced CVE identifiers for details. In addition it was discovered that Gentoo’s PostgreSQL installation suffered fro...

July 24, 2018—KB4340917 (OS Build 17134.191)

July 24, 2018—KB4340917 OS Build 17134.191 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Important changes include the following: Addresses an issue that causes devices within Active Directory or Hybrid AADJ...

Amazon Linux AMI : postgresql96 (ALAS-2018-1074)

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could bypass client-side...

USN-3744-1: PostgreSQL vulnerabilities

Andrew Krasichkov discovered that the PostgreSQL client library incorrectly reset its internal state between connections. A remote attacker could possibly use this issue to bypass certain client-side connection security features. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...

Authorization

It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server...

CVE-2018-10925

Removed by vendor...

CVE-2018-10925

It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server...

PostgreSQL -- two vulnerabilities

The PostgreSQL project reports: CVE-2018-10915: Certain host connection parameters defeat client-side security defenses libpq, the client connection API for PostgreSQL that is also used by other connection libraries, had an internal issue where it did not reset all of its connection state variabl...

DEBIAN-CVE-2017-12163

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of serv...

CVE-2017-12163

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of serv...

Security Bulletin: A vulnerability in Spice affects PowerKVM

Summary PowerKVM is affected by a vulnerability in Spice. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2017-7506 DESCRIPTION: spice is vulnerable to a denial of service, caused by an out-of-bounds write error when processing message. By sending specially-crafted...

textpattern denial of service vulnerability

textpattern is an excellent blogging system. A security vulnerability exists in the Import XML feature in textpattern version 4.6.2. An attacker can exploit this vulnerability by uploading a specially crafted XML file to cause a denial of service exhaustion of server memory resources...

CVE-2018-1000090

textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. This attack appear to be exploitable via Uploading a specially crafted XML file...

CVE-2018-1000090

textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. This attack appear to be exploitable via Uploading a specially crafted XML file...

CVE-2018-1000090

textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. This attack appear to be exploitable via Uploading a specially crafted XML file...

Icinga Memory Consumption Vulnerability

Icinga is an open source computer system and network monitoring application. Icinga suffers from a memory consumption vulnerability. An attacker can exploit this vulnerability by sending specially crafted requests that consume large amounts of server-side memory, which can trigger an OOM killer...

CVE-2018-6532

An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted authenticated and unauthenticated requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer...

Valve: ImageMagick GIF coder vulnerability leading to memory disclosure

Due to CVE-2017-15277, portions of server memory on some steamcommunity web servers could be leaked via image updates. An attacker would not be able to control what memory would be returned, but system information could be obtained. I was able to arbitrarily disclose server memory on...

CVE-2018-1052

Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table...

CVE-2018-1052

Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table...