Lucene search

1447 matches found

Amazon | added 2017/12/05 12:0 a.m. | 48 views

Medium: postgresql95, postgresql96

Issue Overview: Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. CVE-2017-12172 INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL...

CVSS 8.1 | AI score 7.9 | EPSS 0.32989
Exploits: 0

Mageia | added 2017/11/29 6:52 p.m. | 34 views

Updated postgresql packages fix security vulnerabilities

The startup log file for the postmaster (in newer releases, "postgres") process was opened while the process was still owned by root. With this setup, the database owner could specify a file that they did not have access to and cause the file to be corrupted with logged data (CVE-2017-12172). Crash d...

CVSS 8.1 | AI score 0.7 | EPSS 0.32989
Exploits: 0 | References: 7

OSV | added 2017/11/22 6:29 p.m. | 22 views

CVE-2017-15099

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE...

CVSS 6.5 | AI score 6.8
Exploits: 0 | References: 7

OSV | added 2017/11/22 6:29 p.m. | 1 views

ALPINE-CVE-2017-15099

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE...

CVSS 6.5 | AI score 7 | EPSS 0.32989
Exploits: 0 | References: 1

AlpineLinux | added 2017/11/22 6:0 p.m. | 42 views

CVE-2017-15099

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE...

CVSS 6.5 | AI score 7.2 | EPSS 0.32989
Exploits: 0

Cvelist | added 2017/11/22 6:0 p.m. | 23 views

CVE-2017-15099

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE...

AI score 7.1 | EPSS 0.32989
Exploits: 0 | References: 7

Ubuntu | added 2017/11/14 12:29 p.m. | 55 views

USN-3479-1: PostgreSQL vulnerabilities

David Rowley discovered that PostgreSQL incorrectly handled memory when processing certain JSON functions. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2017-15098 Dean Rasheed discovered that PostgreSQL incorrectly enforced SELECT privileges when processing...

CVSS 8.1 | AI score 7.1 | EPSS 0.32989
Exploits: 0

OSV | added 2017/11/14 12:29 p.m. | 1 views

USN-3479-1 postgresql-9.3, postgresql-9.5, postgresql-9.6 vulnerabilities

David Rowley discovered that PostgreSQL incorrectly handled memory when processing certain JSON functions. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2017-15098 Dean Rasheed discovered that PostgreSQL incorrectly enforced SELECT privileges when processing...

CVSS 8.1 | AI score 7 | EPSS 0.32989
Exploits: 0 | References: 3

Zero Day Initiative | added 2017/11/14 12:0 a.m. | 25 views

Foxit Reader XFAScriptObject insert Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the insert method o...

CVSS 6.8 | AI score 8.7 | EPSS 0.0025
Exploits: 0 | References: 1

RedhatCVE | added 2017/11/13 10:19 a.m. | 35 views

CVE-2017-15099

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE...

CVSS 6.5 | AI score 4.1 | EPSS 0.32989
Exploits: 0 | References: 2

Tenable Nessus | added 2017/11/10 12:0 a.m. | 41 views

Debian DSA-4028-1 : postgresql-9.6 - security update

Several vulnerabilities have been found in the PostgreSQL database system : - CVE-2017-15098 Denial of service and potential memory disclosure in the json_populate_recordset and jsonb_populate_recordset functions - CVE-2017-15099 Insufficient permissions checks in 'INSERT ... ON CONFLICT DO UPDATE'...

CVSS 8.1 | AI score 6.9 | EPSS 0.32989
Exploits: 0 | References: 6

PostgreSQL | added 2017/11/09 12:0 a.m. | 584 views

Vulnerability in core server (CVE-2017-15099)

INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges...

CVSS 6.5 | AI score 6.9 | EPSS 0.32989
Exploits: 0 | References: 1 | Affected Software: 1

UbuntuCve | added 2017/11/09 12:0 a.m. | 25 views

CVE-2017-15099

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE...

CVSS 6.5 | AI score 6.8 | EPSS 0.32989
Exploits: 0 | References: 3

OSV | added 2017/11/09 12:0 a.m. | 1 views

UBUNTU-CVE-2017-15099

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE...

CVSS 6.5 | AI score 7 | EPSS 0.32989
Exploits: 0 | References: 4

CNVD | added 2017/11/06 12:0 a.m. | 2 views

ZOHO ManageEngine Applications Manager SQL Injection Vulnerability (CNVD-2017-35598)

ZOHO ManageEngine Applications Manager is a set of IT operations management solutions from ZOHO. A SQL injection vulnerability exists in Zoho ManageEngine Applications Manager version 13. A remote attacker can exploit this vulnerability by executing arbitrary SQL commands with the 'name' paramete...

CVSS 8.8 | AI score 8.3 | EPSS 0.01223
Exploits: 3 | References: 1

Prion | added 2017/10/24 10:29 p.m. | 12 views

Sql injection

SQL injection vulnerability in the EyesOfNetwork web interface aka eonweb 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the groupname parameter to module/admingroup/addmodifygroup.php for insertgroup and updategroup...

CVSS 6.5 | AI score 7.3 | EPSS 0.00407
Exploits: 1 | References: 2 | Affected Software: 1

CNVD | added 2017/10/24 12:0 a.m. | 3 views

Unspecified Vulnerability in Oracle PeopleSoft Products PeopleSoft Enterprise HCM Component (CNVD-2017-31848)

Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle that provides human capital management, financial management, supplier relationship management, etc. PeopleSoft Enterprise HCM is one of the Human Capital Management HCM components. An unspecified...

CVSS 5.4 | AI score 5.7 | EPSS 0.00209
Exploits: 0 | References: 1

OSV | added 2017/10/19 5:29 p.m. | 2 views

CVE-2017-10054

Vulnerability in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications subcomponent: MMS. The supported version that is affected is 7.30.564.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle...

CVSS 5.1 | AI score 5.8 | EPSS 0.00142
Exploits: 0 | References: 2

Prion | added 2017/10/19 5:29 p.m. | 14 views

Design/Logic Flaw

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Security. Supported versions that are affected are 11.3, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileg...

CVSS 5.5 | AI score 6.1 | EPSS 0.00671
Exploits: 0 | References: 3 | Affected Software: 1

CNVD | added 2017/10/18 12:0 a.m. | 1 views

Unspecified Vulnerability in Oracle Hospitality Cruise Fleet Management (CNVD-2017-31322)

Oracle Hospitality Applications is a suite of business applications, servers, and storage solutions for hospitality management from Oracle Corporation. Oracle Hospitality Cruise Fleet Management is one of the fleet management components of Oracle Hospitality Cruise Fleet Management, which provide...

CVSS 5.5 | AI score 5.7 | EPSS 0.00175
Exploits: 0 | References: 1