Page 4 of 54 results (0.007 seconds)

CVSS: 7.6EPSS: 0%CPEs: 47EXPL: 0

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation. PostgreSQL en versiones anteriores a 9.1.23, 9.2.x en versiones anteriores a 9.2.18, 9.3.x en versiones anteriores a 9.3.14, 9.4.x en versiones anteriores a 9.4.9 y 9.5.x en versiones anteriores a 9.5.4 podrían permitir a usuarios remotos autenticados con el rol CREATEDB o CREATEROLE obtener privilegios de superusuario a través de un carácter (1) " (comillas dobles), (2) \ (barra invertida), (3) retorno de carro o (4) nueva linea en (a) una base de datos o (b) el nombre del rol que se maneja incorrectamente durante una operación administrativa. A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program. • http://rhn.redhat.com/errata/RHSA-2016-1781.html http://rhn.redhat.com/errata/RHSA-2016-1820.html http://rhn.redhat.com/errata/RHSA-2016-1821.html http://rhn.redhat.com/errata/RHSA-2016-2606.html http://www.debian.org/security/2016/dsa-3646 http://www.securityfocus.com/bid/92435 http://www.securitytracker.com/id/1036617 https://access.redhat.com/errata/RHSA-2017:2425 https://security.gentoo.org/glsa/201701-33 https://www.postgresql.org/about/news/1688 https: • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 21%CPEs: 28EXPL: 0

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression. PostgreSQL en versiones anteriores a 9.1.20, 9.2.x en versiones anteriores a 9.2.15, 9.3.x en versiones anteriores a 9.3.11, 9.4.x en versiones anteriores a 9.4.6 y 9.5.x en versiones anteriores a 9.5.1 permite a atacantes remotos provocar una denegación de servicio (bucle infinito o desbordamiento de buffer y caída) a través de un amplio rango de caracteres Unicode en una expresión regular. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177820.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177878.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html http://lists.opensuse.org/opensuse-security-announce& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 6.4EPSS: 2%CPEs: 49EXPL: 0

The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt. La función crypt en contrib/pgcrypto en PostgreSQL en versiones anteriores a 9.0.23, 9.1.x en versiones anteriores a 9.1.19, 9.2.x en versiones anteriores a 9.2.14, 9.3.x en versiones anteriores a 9.3.10 y 9.4.x en versiones anteriores a 9.4.5 permite a atacantes provocar una denegación de servicio (caída del servidor) o leer la memoria del servidor arbitrariamente a través de un salt 'too-short'. A memory leak error was discovered in the crypt() function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172316.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169094.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00033.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00040.html http://www.debian.org/security/2015/dsa-3374 http://www.debian.org/security/2016/dsa-3475 http://www.oracle.com/technetwork/top • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. contrib/pgcrypto en PostgreSQL versiones anteriores a 9.0.20, versiones 9.1.x anteriores a 9.1.16, versiones 9.2.x anteriores a 9.2.11, versiones 9.3.x anteriores a 9.3.7 y versiones 9.4.x anteriores a 9.4.2, utiliza diferentes respuestas de error cuando una clave incorrecta se usada, lo que facilita a atacantes obtener la clave por medio de un ataque de fuerza bruta. It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This could potentially help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known. • http://ubuntu.com/usn/usn-2621-1 http://www.debian.org/security/2015/dsa-3269 http://www.debian.org/security/2015/dsa-3270 http://www.postgresql.org/about/news/1587 http://www.postgresql.org/docs/9.0/static/release-9-0-20.html http://www.postgresql.org/docs/9.1/static/release-9-1-16.html http://www.postgresql.org/docs/9.2/static/release-9-2-11.html http://www.postgresql.org/docs/9.3/static/release-9-3-7.html http://www.postgresql.org/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 5.0EPSS: 8%CPEs: 44EXPL: 0

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence. Vulnerabilidad de doble liberación en PostgreSQL anterior a 9.0.20, 9.1.x anterior a 9.1.16, 9.2.x anterior a 9.2.11, 9.3.x anterior a 9.3.7, y 9.4.x anterior a 9.4.2 permite a atacantes remotos causar una denegación de servicio (caída) mediante el cierre de una sesión SSL en un momento cuando el fin de sesión de la autenticación caducará durante la secuencia del cierre de sesión. A double-free flaw was found in the way PostgreSQL handled connections. An unauthenticated attacker could possibly exploit this flaw to crash the PostgreSQL backend by disconnecting at approximately the same time as the authentication time out was triggered. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://rhn.redhat.com/errata/RHSA-2015-1194.html http://rhn.redhat.com/errata/RHSA-2015-1195.html http://rhn.redhat.com/errata/RHSA-2015-1196.html http://www.debian.org/security/2015/dsa-3269 http://www.debian.org/security/2015/dsa-3270 http://www.postgresql.org/about/news/1587 http://www.postgresql.org/docs/9.0/static/release-9-0-20.html http://www.postgresql.org/docs/9.1/static • CWE-416: Use After Free •