292 matches found
CVE-2013-1900
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."...
Code injection
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."...
Vulnerability in contrib module (CVE-2013-1900)
Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess...
CVE-2013-1900
CVE-2013-1900 affects PostgreSQL across multiple branches (9.2.x <9.2.4, 9.1.x <9.1.9, 9.0.x <9.0.13, 8.4.x
[SECURITY] [DSA 2658-1] postgresql-9.1 security update
Debian Security Advisory DSA-2658-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano April 04, 2013 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2657-1] postgresql-8.4 security update
Debian Security Advisory DSA-2657-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano April 04, 2013 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2658-1 (postgresql-9.1 - several vulnerabilities)
Several vulnerabilities were discovered in PostgreSQL database server. CVE-2013-1899: Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center discovered that it was possible for a connection request containing a database name that begins with "-" to be crafted that can damage or...
CVE-2013-1900
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."...
DSA-2657-1 postgresql-8.4 - guessable random numbers
Bulletin has no description...
PostgreSQL -- anonymous remote access data corruption vulnerability
PostgreSQL project reports: The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update fixes a high-exposure security vulnerability in versions 9.0 and later. Al...
DSA-2658-1 postgresql-9.1 - several
Bulletin has no description...
PostgreSQL 8.3 < 8.3.19 / 8.4 < 8.4.12 / 9.0 < 9.0.8 / 9.1 < 9.1.4 Multiple Vulnerabilities
The version of PostgreSQL installed on the remote host is 8.3.x prior to 8.3.19, 8.4.x prior to 8.4.12, 9.0.x prior to 9.0.8, or 9.1.x prior to 9.1.4. As such, it is potentially affected by multiple vulnerabilities: - Passwords containing the byte 0x80 passed to the crypt function in pgcrypto ar...
Mandriva Update for postgresql MDVSA-2012:092 (postgresql)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Scientific Linux Security Update : postgresql on SL4.x, SL5.x, SL6.x i386/x86_64
PostgreSQL is an advanced object-relational database management system (DBMS). A signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII...
Scientific Linux Security Update : postgresql84 on SL5.x i386/x86_64
PostgreSQL is an advanced object-relational database management system (DBMS). A signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII...
Scientific Linux Security Update : postgresql on SL5.x i386/x86_64 (20120625)
PostgreSQL is an advanced object-relational database management system (DBMS). A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed...
CentOS Update for postgresql CESA-2011:1377 centos4 x86_64
The remote host is missing an update for the...
CentOS Update for postgresql CESA-2011:1377 centos5 x86_64
The remote host is missing an update for the...
CentOS Update for postgresql CESA-2012:1036 centos5
The remote host is missing an update for the...
Vulnerability in contrib module (CVE-2012-2143)
Passwords containing the byte 0x80 passed to the crypt function in pgcrypto are incorrectly truncated if DES encryption was used...