56 matches found
CVE-2016-0766
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors...
Code injection
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors...
CVE-2016-0766
CVE-2016-0766 affects PostgreSQL releases before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1. Root cause: improper restriction of unspecified custom configuration settings (GUCS) for PL/Java, enabling privilege escalation by manipulating PL/Java...
CVE-2016-0766
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors...
PostgreSQL 9.1.x < 9.1.20 / 9.2.x < 9.2.15 / 9.3.x < 9.3.11 / 9.4.x < 9.4.6 / 9.5.x < 9.5.1 Multiple Vulnerabilities
The version of PostgreSQL installed on the remote host is 9.1.x prior to 9.1.20, 9.2.x prior to 9.2.15, 9.3.x prior to 9.3.11, 9.4.x prior to 9.4.6, or 9.5.x prior to 9.5.1. It is, therefore, affected by the following vulnerabilities: An integer overflow condition exists due to improper...
Debian DSA-3475-1 : postgresql-9.1 - security update
Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. CVE-2015-5288: Josh Kupershmidt discovered a vulnerability in the crypt function in the pgCrypto extension. Certain invalid salt arguments can cause the server to crash or to disclose a few bytes of server memory. ...
FreeBSD : PostgreSQL -- Security Fixes for Regular Expressions, PL/Java. (e8b6605b-d29f-11e5-8458-6cc21735f730)
PostgreSQL project reports: Security Fixes for Regular Expressions, PL/Java - CVE-2016-0773: This release closes security hole CVE-2016-0773, an issue with regular expression (regex) parsing. Prior code allowed users to pass in expressions which included out-of-range Unicode characters, triggering...
Debian DSA-3476-1 : postgresql-9.4 - security update
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2016-0766: A privilege escalation vulnerability for users of PL/Java was discovered. Certain custom configuration settings (GUCs) for PL/Java will now be modifiable only by the database superuser to mitigate this...
[SECURITY] [DSA 3475-1] postgresql-9.1 security update
Debian Security Advisory DSA-3475-1 https://www.debian.org/security/ Salvatore Bonaccorso February 13, 2016 https://www.debian.org/security/faq ...
DSA-3475-1 postgresql-9.1 - security update
Bulletin has no description...
Debian Security Advisory DSA 3475-1 (postgresql-9.1 - security update)
Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. CVE-2015-5288: Josh Kupershmidt discovered a vulnerability in the crypt function in the pgCrypto extension. Certain invalid salt arguments can cause the server to crash or to disclose a few bytes of server memory...
Debian Security Advisory DSA 3476-1 (postgresql-9.4 - security update)
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2016-0766: A privilege escalation vulnerability for users of PL/Java was discovered. Certain custom configuration settings (GUCs) for PL/Java will now be modifiable only by the database superuser to mitigate this...
Ubuntu 14.04 LTS : PostgreSQL vulnerabilities (USN-2894-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2894-1 advisory. It was discovered that PostgreSQL incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause PostgreSQL to...
Debian: Security Advisory (DSA-3476-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
CVE-2016-0766
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors...
PostgreSQL -- Security Fixes for Regular Expressions, PL/Java.
PostgreSQL project reports: Security Fixes for Regular Expressions, PL/Java. CVE-2016-0773: This release closes security hole CVE-2016-0773, an issue with regular expression (regex) parsing. Prior code allowed users to pass in expressions which included out-of-range Unicode characters, triggering a...