541 matches found
CVE-2018-10915
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side...
UBUNTU-CVE-2018-10915
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side...
PostgreSQL -- two vulnerabilities
The PostgreSQL project reports: CVE-2018-10915: Certain host connection parameters defeat client-side security defenses libpq, the client connection API for PostgreSQL that is also used by other connection libraries, had an internal issue where it did not reset all of its connection state variabl...
Debian: Security Advisory (DSA-4269-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2017-0316 Updated postgresql9.3/4/6 packages fix security vulnerabilities
libpq, and by extension any connection driver that utilizes libpq, ignores empty passwords and does not transmit them to the server. When using libpq or a libpq-based connection driver to perform password-based authentication methods, it would appear that setting an empty password would be the...
BSA-2017-394
Security Advisory ID : BSA-2017-394 Component : PostgreSQL Revision : 1.0: Interim It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain...
PostgreSQL Multiple Vulnerabilities (Aug 2017) - Windows
PostgreSQL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postgresql:postgresql";...
PostgreSQL Multiple Vulnerabilities (Aug 2017) - Linux
PostgreSQL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postgresql:postgresql";...
openSUSE Security Update : postgresql94 (openSUSE-2017-770)
This update for postgresql94 to 9.4.12 fixes the following issues : Upstream changelogs : - https://www.postgresql.org/docs/9.4/static/release-9-4-12.html - https://www.postgresql.org/docs/9.4/static/release-9-4-11.html - https://www.postgresql.org/docs/9.4/static/release-9-4-10.html Security...
PostgreSQL MITM Vulnerability (May 2017) - Windows
PostgreSQL is prone to a man-in-the-middle MITM vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Vulnerability in client (CVE-2017-7485)
libpq ignores PGREQUIRESSL environment variable...
PostgreSQL vulnerabilities
The PostgreSQL project reports: Security Fixes nested CASE expressions + database and role names with embedded special characters CVE-2017-7484: selectivity estimators bypass SELECT privilege checks. CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable CVE-2017-7486: pgusermappings view...
PostgreSQL <= 8.01 Remote Reboot Denial of Service Exploit
No description provided by source. / PostgreSQL Remote Reboot =8.01 writen by ChoiX [email protected] c Unl0ck Research Team www.unl0ck.org info: Server can be rebooted only if plpgsql language is switched on. To compilate exploit you should have libpq library on your box and use command $ cc -o...
Fedora 17 : postgresql-9.1.5-1.fc17 (2012-12165)
Update to PostgreSQL 9.1.5, for various fixes described at http://www.postgresql.org/docs/9.1/static/release-9-1-5.html including the fixes for CVE-2012-3488, CVE-2012-3489 Configure postmaster to create Unix-domain sockets in both /var/run/postgresql and /tmp; the former is now the default place...
CVE-2009-2943
The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...
CVE-2009-2943
The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...
CVE-2009-2943
CVE-2009-2943 concerns postgresql-ocaml bindings for PostgreSQL libpq. The affected bindings versions 1.5.4, 1.7.0, and 1.12.1 do not properly support PQescapeStringConn, enabling escaping issues with certain multibyte encodings and potentially enabling remote abuse via the library code path. Deb...
Debian Security Advisory DSA 1909-1 (postgresql-ocaml)
The remote host is missing an update to postgresql-ocaml announced via advisory DSA 1909-1. OpenVAS Vulnerability Test $Id: deb19091.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1909-1 postgresql-ocaml Authors: Thomas Reinke Copyright: Copyright c 2009...
Moderate: Red Hat Security Advisory: postgresql security update
Updated postgresql packages that fix several security vulnerabilities and risks of data loss are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system DBMS that...
PostgreSQL 8.01 - Remote Reboot (Denial of Service)
PostgreSQL 8.01 - Remote Reboot Denial of Service / PostgreSQL Remote Reboot include include include include include define DEFAULTPORT "5321" define DEFAULTDB "postgresql" define FUNCNAME "uKttest" define TABLENAME "unl0cktable" char str4000; char create="CREATE OR REPLACE FUNCTION %s RETURNS...