Lucene search
+L

541 matches found

UbuntuCve
UbuntuCve
added 2018/08/09 12:0 a.m.29 views

CVE-2018-10915

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side...

8.5CVSS7AI score0.05154EPSS
Exploits0References3
OSV
OSV
added 2018/08/09 12:0 a.m.4 views

UBUNTU-CVE-2018-10915

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side...

8.5CVSS7.1AI score0.05154EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2018/08/09 12:0 a.m.38 views

PostgreSQL -- two vulnerabilities

The PostgreSQL project reports: CVE-2018-10915: Certain host connection parameters defeat client-side security defenses libpq, the client connection API for PostgreSQL that is also used by other connection libraries, had an internal issue where it did not reset all of its connection state variabl...

8.5CVSS2.1AI score0.05154EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2018/08/09 12:0 a.m.53 views

Debian: Security Advisory (DSA-4269-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.5CVSS8.1AI score0.05154EPSS
Exploits0References5
OSV
OSV
added 2017/08/28 8:14 a.m.14 views

MGASA-2017-0316 Updated postgresql9.3/4/6 packages fix security vulnerabilities

libpq, and by extension any connection driver that utilizes libpq, ignores empty passwords and does not transmit them to the server. When using libpq or a libpq-based connection driver to perform password-based authentication methods, it would appear that setting an empty password would be the...

9.8CVSS8.6AI score0.61566EPSS
Exploits0References6
Broadcom
Broadcom
added 2017/08/25 12:0 a.m.6 views

BSA-2017-394

Security Advisory ID : BSA-2017-394 Component : PostgreSQL Revision : 1.0: Interim It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain...

9.8CVSS7.2AI score0.61566EPSS
Exploits0
OpenVAS
OpenVAS
added 2017/08/17 12:0 a.m.27 views

PostgreSQL Multiple Vulnerabilities (Aug 2017) - Windows

PostgreSQL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postgresql:postgresql";...

9.8CVSS8.5AI score0.61566EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2017/08/17 12:0 a.m.28 views

PostgreSQL Multiple Vulnerabilities (Aug 2017) - Linux

PostgreSQL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postgresql:postgresql";...

9.8CVSS8.5AI score0.61566EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2017/07/05 12:0 a.m.33 views

openSUSE Security Update : postgresql94 (openSUSE-2017-770)

This update for postgresql94 to 9.4.12 fixes the following issues : Upstream changelogs : - https://www.postgresql.org/docs/9.4/static/release-9-4-12.html - https://www.postgresql.org/docs/9.4/static/release-9-4-11.html - https://www.postgresql.org/docs/9.4/static/release-9-4-10.html Security...

7.5CVSS6.8AI score0.06331EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2017/05/15 12:0 a.m.27 views

PostgreSQL MITM Vulnerability (May 2017) - Windows

PostgreSQL is prone to a man-in-the-middle MITM vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.9CVSS6.6AI score0.02042EPSS
Exploits0References1
PostrgeSql
PostrgeSql
added 2017/05/11 12:0 a.m.577 views

Vulnerability in client (CVE-2017-7485)

libpq ignores PGREQUIRESSL environment variable...

5.9CVSS6.4AI score0.02042EPSS
Exploits0References1Affected Software1
FreeBSD
FreeBSD
added 2017/05/11 12:0 a.m.78 views

PostgreSQL vulnerabilities

The PostgreSQL project reports: Security Fixes nested CASE expressions + database and role names with embedded special characters CVE-2017-7484: selectivity estimators bypass SELECT privilege checks. CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable CVE-2017-7486: pgusermappings view...

8.3CVSS4.3AI score0.06331EPSS
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.23 views

PostgreSQL <= 8.01 Remote Reboot Denial of Service Exploit

No description provided by source. / PostgreSQL Remote Reboot =8.01 writen by ChoiX [email protected] c Unl0ck Research Team www.unl0ck.org info: Server can be rebooted only if plpgsql language is switched on. To compilate exploit you should have libpq library on your box and use command $ cc -o...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/08/27 12:0 a.m.50 views

Fedora 17 : postgresql-9.1.5-1.fc17 (2012-12165)

Update to PostgreSQL 9.1.5, for various fixes described at http://www.postgresql.org/docs/9.1/static/release-9-1-5.html including the fixes for CVE-2012-3488, CVE-2012-3489 Configure postmaster to create Unix-domain sockets in both /var/run/postgresql and /tmp; the former is now the default place...

6.5CVSS7AI score0.03297EPSS
Exploits2References6
Cvelist
Cvelist
added 2009/10/22 4:0 p.m.20 views

CVE-2009-2943

The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...

6.4AI score0.02207EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2009/10/22 4:0 p.m.65 views

CVE-2009-2943

The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...

7.5CVSS6.4AI score0.02207EPSS
Exploits0
CVE
CVE
added 2009/10/22 4:0 p.m.80 views

CVE-2009-2943

CVE-2009-2943 concerns postgresql-ocaml bindings for PostgreSQL libpq. The affected bindings versions 1.5.4, 1.7.0, and 1.12.1 do not properly support PQescapeStringConn, enabling escaping issues with certain multibyte encodings and potentially enabling remote abuse via the library code path. Deb...

7.5CVSS6.3AI score0.02207EPSS
Exploits0References3Affected Software1
OpenVAS
OpenVAS
added 2009/10/19 12:0 a.m.22 views

Debian Security Advisory DSA 1909-1 (postgresql-ocaml)

The remote host is missing an update to postgresql-ocaml announced via advisory DSA 1909-1. OpenVAS Vulnerability Test $Id: deb19091.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1909-1 postgresql-ocaml Authors: Thomas Reinke Copyright: Copyright c 2009...

7.5CVSS0.7AI score0.02207EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2005/06/01 1:24 p.m.28 views

Moderate: Red Hat Security Advisory: postgresql security update

Updated postgresql packages that fix several security vulnerabilities and risks of data loss are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system DBMS that...

7.5CVSS5.8AI score0.02045EPSS
Exploits0References5
exploitpack
exploitpack
added 2005/04/19 12:0 a.m.8 views

PostgreSQL 8.01 - Remote Reboot (Denial of Service)

PostgreSQL 8.01 - Remote Reboot Denial of Service / PostgreSQL Remote Reboot include include include include include define DEFAULTPORT "5321" define DEFAULTDB "postgresql" define FUNCNAME "uKttest" define TABLENAME "unl0cktable" char str4000; char create="CREATE OR REPLACE FUNCTION %s RETURNS...

0.3AI score
Exploits0
Rows per page
Query Builder