74 matches found
ALPINE-CVE-2018-16850
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...
UBUNTU-CVE-2018-10915
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side...
UBUNTU-CVE-2017-7546
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password...
PostgreSQL Information Disclosure Vulnerability (CNVD-2017-06932)
PostgreSQL is a free object-relational database management system developed by the PostgreSQL development group. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. An information disclosure vulnerability exists in the...
PT-2017-2778 · Postgresql +2 · Postgresql +2
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 9.4.13 PostgreSQL versions prior to 9.5.8 PostgreSQL versions prior to 9.6.4 Description: The issue is caused by a flaw in the authorization procedure, allowing remote authenticated attackers with no privileges on...
postgresql: Improper randomization of pgcrypto functions (requiring random seed)
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."...
CVE-2010-1975
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a 1 ALTER USER ...
postgresql: SQL privilege escalation via modifications to session-local state
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain...
PostgreSQL Denial of Service Vulnerability (Linux)
This host is installed with PostgreSQL Server and is prone to denial of service vulnerabilities. OpenVAS Vulnerability Test $Id: secpodpostgresqldosvulnlin.nasl 5122 2017-01-27 12:16:00Z teissa $ PostgreSQL Denial of Service Vulnerability Linux Authors: Sujit Ghosal Copyright: Copyright c 2009...
PostgreSQL 'CVE-2009-0922' Denial of Service Vulnerability - Linux
PostgreSQL Server is prone to denial of service vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
PT-2008-1573 · Postgresql +1 · Postgresql +1
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 7.3 through 7.3.20 PostgreSQL versions 7.4 through 7.4.18 PostgreSQL versions 8.0 through 8.0.14 PostgreSQL versions 8.1 through 8.1.10 PostgreSQL versions 8.2 through 8.2.5 Description: The issue allows remote attackers t...
PT-2006-6256 · Postgresql +1 · Postgresql +1
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 7.4.1 through 7.4.14 PostgreSQL versions 8.0.x before 8.0.9 PostgreSQL versions 8.1.x before 8.1.5 Description: The issue allows remote authenticated users to cause a denial of service, resulting in a daemon crash. This is...
DEBIAN-CVE-2006-2314
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "" backslash byte 0x5c to be the trailing byt...
security flaw
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL...