20 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-20229
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all...
RHEL 7 : postgresql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - postgresql: Uncontrolled search path element in pgdump and other client applications CVE-2018-1058 - It w...
Puppet Enterprise < 2019.8.6 PostgreSQL Vulnerabilities
For more information about these vulnerabilities, refer to the Postgresql News Page. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text in this plugin were extracted...
Mageia: Security Advisory (MGASA-2021-0121)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GLSA-202105-32 : PostgreSQL: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202105-32 PostgreSQL: Multiple vulnerabilities Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact : An authenticated remote attacker, by executing...
SUSE: Security Advisory (SUSE-SU-2021:0543-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Security Bypass Vulnerability in PostgreSQL Affects IBM Connect:Direct Web Services (CVE-2021-20229)
Summary Security bypass vulnerability in PostgreSQL versions used by IBM Connect:Direct Web Services. IBM Connect:Direct Web Services has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-20229 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to obtain...
SUSE: Security Advisory (SUSE-SU-2021:0545-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PostgreSQL 11.x < 11.11 / 12.x < 12.6 / 13.x < 13.2 Multiple Vulnerabilities
The version of PostgreSQL installed on the remote host is 11 prior to 11.11, 12 prior to 12.6, or 13 prior to 13.2. As such, it is potentially affected by multiple vulnerabilities : - An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user...
OESA-2021-1124 postgresql security update
PostgreSQL is an advanced Object-Relational database management system DBMS that supports almost all SQL constructs including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...
Updated postgresql packages fix security vulnerabilities
A user having an UPDATE privilege on a partitioned table but lacking the SELECT privilege on some column may be able to acquire denied-column values from an error message CVE-2021-3393. A user having a SELECT privilege on an individual column can craft a special query that returns all columns of...
CVE-2021-20229
CVE-2021-20229 – Summary (based on provided sources): PostgreSQL versions before 13.2 are vulnerable to a confidentiality flaw where a user with SELECT privilege on a single column can craft a query that returns all columns in a table. The issue is discussed across multiple advisories (IBM Securi...
CVE-2021-20229
A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality...
SUSE SLED15 / SLES15 Security Update : postgresql13 (SUSE-SU-2021:0543-1)
This update for postgresql13 fixes the following issues : Upgrade to version 13.2 : - Updating stored views and reindexing might be needed after applying this update. - CVE-2021-3393, bsc1182040: Fix information leakage in constraint-violation error messages. - CVE-2021-20229, bsc1182039: Fix...
[ASA-202102-31] postgresql: information disclosure
Arch Linux Security Advisory ASA-202102-31 ========================================== Severity: Medium Date : 2021-02-20 CVE-ID : CVE-2021-3393 CVE-2021-20229 Package : postgresql Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-1567 Summary ======= The package...
Security fix for the ALT Linux 10 package postgresql13 version 13.2-alt1
Feb. 11, 2021 Alexei Takaseev 13.2-alt1 - 13.2 Fixes CVE-2021-20229, CVE-2021-3393...
KLA12088 Multiple vulnerabilities in PostgreSQL
Multiple vulnerabilities were found in PostgreSQL. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A security bypass vulnerability in SELECT privilege can be exploited to bypass securi...
Security fix for the ALT Linux 10 package postgresql15 version 13.2-alt1
Feb. 11, 2021 Alexei Takaseev 13.2-alt1 - 13.2 Fixes CVE-2021-20229, CVE-2021-3393...
Security fix for the ALT Linux 10 package postgresql14 version 13.2-alt1
Feb. 11, 2021 Alexei Takaseev 13.2-alt1 - 13.2 Fixes CVE-2021-20229, CVE-2021-3393...
Design/Logic Flaw
Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...