
23 matches found

Amazon
added 2012/05/23 12:0 a.m., 38 views

Medium: postgresql8

Issue Overview: The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later...

CVSS 6.8, AI score 8.3, EPSS 0.03625
Exploits: 1, References: 1

Tenable Nessus
added 2012/05/22 12:0 a.m., 26 views

CentOS 5 / 6 : postgresql / postgresql84 (CESA-2012:0678)

Updated postgresql84 and postgresql packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which...

CVSS 6.8, AI score 7.7, EPSS 0.03625
Exploits: 1, References: 5

seebug.org
added 2012/02/29 12:0 a.m., 608 views

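PostgreSQL 8.x/9.x has multiple security vulnerabilities

CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 PostgreSQL is an object-relational database management system that supports an extended subset of the SQL standard. PostgreSQL has multiple security vulnerabilities that allow malicious users to bypass some security restrictions, conduct spoofing attacks, or manipulate certain data. - Permission checks for CREATE TRIGGER on the trigger function are not performed correctly; this vulnerability can be exploited to mark a trigger function as SECURITY DEFINER and grant EXECUTE permission. - When validating the common name of an SSL certificate, the name is incorrectly truncated to 32 characters, which can cause forged certificates to be validated incorrectly...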

CVSS 6.8, AI score 7, EPSS 0.03625
Exploits: 1