256 matches found
ALPINE-CVE-2019-10130
A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain...
Design/Logic Flaw
A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain...
CVE-2019-10130
Removed by vendor...
MGASA-2019-0189 Updated postgresql packages fix security vulnerabilities
Updated postgresql packages fix security vulnerabilities CVE-2019-10129: Memory disclosure in partition routing Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table. CVE-2019-10130:...
Updated postgresql packages fix security vulnerabilities
Updated postgresql packages fix security vulnerabilities CVE-2019-10129: Memory disclosure in partition routing Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table. CVE-2019-10130:...
Ubuntu 16.04 LTS / 18.04 LTS : PostgreSQL vulnerabilities (USN-3972-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3972-1 advisory. It was discovered that PostgreSQL incorrectly handled partition routing. A remote user could possibly use this issue to read arbitrary bytes ...
USN-3972-1 postgresql-10, postgresql-11, postgresql-9.5 vulnerabilities
It was discovered that PostgreSQL incorrectly handled partition routing. A remote user could possibly use this issue to read arbitrary bytes of server memory. This issue only affected Ubuntu 19.04. CVE-2019-10129 Dean Rasheed discovered that PostgreSQL incorrectly handled selectivity estimators. ...
CVE-2019-10130
A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain...
PostgreSQL -- Selectivity estimators bypass row security policies
The PostgreSQL project reports: PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user able to execute SQL queries with permissions to read a given column could craft a leaky operato...
PostgreSQL Security Bypass Vulnerability (CNVD-2016-02169)
PostgreSQL is a free object-relational database management system developed by the PostgreSQL development group. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. A security bypass vulnerability exists in PostgreSQL...
CVE-2016-2193
PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role...
Design/Logic Flaw
PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role...
CVE-2016-2193
PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role...
CVE-2016-2193
CVE-2016-2193 affects PostgreSQL prior to 9.5.2 where row-security status was not correctly maintained in cached plans, potentially allowing a session running queries as multiple roles to bypass intended access restrictions. The provided sources indicate the issue lies in how row-level security i...
KLA10790 Multiple vulnerabilities in PostgreSQL
Multiple serious vulnerabilities have been found in PostgreSQL. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information or cause denial of service. Below is a complete list of vulnerabilities 1. An unknown vulnerability can be exploited via ...
PT-2016-1648 · Postgresql · Postgresql
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 9.5.2 Description: The issue is related to errors in security settings, allowing a remote attacker to bypass existing access restrictions by leveraging a session that performs queries as more than one role. This i...