This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Postgresql
Product: Postgresql
Version:
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:
Type: Application
First view: 1999-12-02
Last view: 2020-09-16

COMMON PLATFORM ENUMERATION: Distribution per Version

CPE Name Affected CVE
cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:* 73
cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:* 73
cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:* 72
cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:* 72
cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:* 71
cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:* 71
cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:* 71
cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:* 69
cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:* 69
cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:* 68
cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:* 68
cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:* 68
cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:* 66
cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:* 66
cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:* 66
cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:* 65
cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:* 65
cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:* 65
cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:* 65
cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:* 65
cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:* 65
cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:* 65
cpe:2.3:a:postgresql:postgresql:7.2.1:*:*:*:*:*:*:* 65
cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:* 64
cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:* 64
cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:* 64
cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:* 64
cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:* 64
cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:* 64
cpe:2.3:a:postgresql:postgresql:8.1.2:*:*:*:*:*:*:* 64
cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:* 64
cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:* 64
cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:* 64
cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:* 64
cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:* 64
cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:* 63
cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:* 63
cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:* 62
cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:* 62
cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:* 62
cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:* 62
cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:* 62
cpe:2.3:a:postgresql:postgresql:8.0.6:*:*:*:*:*:*:* 62
cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:* 62
cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:* 62
cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:* 62
cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:* 62
cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:* 61
cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:* 61
cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:* 61

Related : CVE

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
7.3 2020-09-16 CVE-2020-10733

The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer's administrative rights.

7.3 2020-08-24 CVE-2020-14350

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.

7.1 2020-08-24 CVE-2020-14349

It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL commands in the context of the user used for replication.

6.5 2020-03-17 CVE-2020-1720

A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to drop objects such as functions, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.

9.8 2020-01-27 CVE-2015-0244

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.

8.8 2020-01-27 CVE-2015-0243

Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

8.8 2020-01-27 CVE-2015-0242

Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function.

8.8 2020-01-27 CVE-2015-0241

The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow.

4.3 2020-01-27 CVE-2014-8161

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.

7.5 2019-11-20 CVE-2015-3167

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.

9.8 2019-11-20 CVE-2015-3166

The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.

9.8 2019-10-29 CVE-2019-10211

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory.

7 2019-10-29 CVE-2019-10210

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file.

2.2 2019-10-29 CVE-2019-10209

Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.

8.8 2019-10-29 CVE-2019-10208

A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.

4.3 2019-07-30 CVE-2019-10130

A vulnerability was found in PostgreSQL versions 11.x before 11.3, 10.x before 10.8, 9.6.x before 9.6.13, and 9.5.x before 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.

6.5 2019-07-30 CVE-2019-10129

A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052).

8.8 2019-06-26 CVE-2019-10164

PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.

7.2 2019-04-01 CVE-2019-9193

** DISPUTED ** In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.

9.8 2018-11-13 CVE-2018-16850

PostgreSQL before versions 11.1, 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.

8.1 2018-08-20 CVE-2016-7048

The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.

8.1 2018-08-09 CVE-2018-10925

It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes of server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.

7.5 2018-08-09 CVE-2018-10915

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.

9.1 2018-05-10 CVE-2018-1115

PostgreSQL before versions 10.4, 9.6.9 is vulnerable in the adminpack extension: the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs as pg_rotate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.

8.8 2018-03-02 CVE-2018-1058

A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.

CWE : Common Weakness Enumeration

% id Name
21% (19) CWE-264 Permissions, Privileges, and Access Controls
8% (8) CWE-189 Numeric Errors
7% (7) CWE-200 Information Exposure
7% (7) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
6% (6) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
6% (6) CWE-20 Improper Input Validation
4% (4) CWE-94 Failure to Control Generation of Code ('Code Injection')
3% (3) CWE-399 Resource Management Errors
3% (3) CWE-287 Improper Authentication
3% (3) CWE-284 Access Control (Authorization) Issues
2% (2) CWE-787 Out-of-bounds Write
2% (2) CWE-732 Incorrect Permission Assignment for Critical Resource
2% (2) CWE-426 Untrusted Search Path
2% (2) CWE-362 Race Condition
2% (2) CWE-310 Cryptographic Issues
2% (2) CWE-125 Out-of-bounds Read
2% (2) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
2% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')
1% (1) CWE-476 NULL Pointer Dereference
1% (1) CWE-427 Uncontrolled Search Path Element
1% (1) CWE-311 Missing Encryption of Sensitive Data
1% (1) CWE-295 Certificate Issues
1% (1) CWE-254 Security Features
1% (1) CWE-209 Information Exposure Through an Error Message
1% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-4 Using Alternative IP Address Encodings
CAPEC-13 Subverting Environment Variable Values
CAPEC-17 Accessing, Modifying or Executing Executable Files
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-39 Manipulating Opaque Client-based Data Tokens
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-51 Poison Web Service Registry
CAPEC-57 Utilizing REST's Trust in the System Resource to Register Man in the Middle
CAPEC-59 Session Credential Falsification through Prediction
CAPEC-60 Reusing Session IDs (aka Session Replay)
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic
CAPEC-76 Manipulating Input to File System Calls
CAPEC-77 Manipulating User-Controlled Variables
CAPEC-78 Using Escaped Slashes in Alternate Encoding
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-80 Using UTF-8 Encoding to Bypass Validation Logic
CAPEC-87 Forceful Browsing
CAPEC-94 Man in the Middle Attack
CAPEC-104 Cross Zone Scripting
CAPEC-114 Authentication Abuse

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:11360 The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local u...
oval:org.mitre.oval:def:10234 Buffer overflow in the readline function in util/texindex.c, as used by the (...
oval:org.mitre.oval:def:10927 Buffer overflow in the readline function in util/texindex.c, as used by the (...
oval:org.mitre.oval:def:10175 Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attacker...
oval:org.mitre.oval:def:10148 Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attacker...
oval:org.mitre.oval:def:9345 Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attacker...
oval:org.mitre.oval:def:676 PostgreSQL Character Conversion Vulnerability
oval:org.mitre.oval:def:10050 PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain charact...
oval:org.mitre.oval:def:9343 The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init...
oval:org.mitre.oval:def:1086 PostgreSQL tsearch2 "internal" Functions Vulnerability
oval:org.mitre.oval:def:10618 PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x...
oval:org.mitre.oval:def:9947 PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x...
oval:org.mitre.oval:def:11425 backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authe...
oval:org.mitre.oval:def:10905 backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0.x befor...
oval:org.mitre.oval:def:10122 backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote authen...
oval:org.mitre.oval:def:11353 The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 befo...
oval:org.mitre.oval:def:22160 ELSA-2007:0068: postgresql security update (Moderate)
oval:org.mitre.oval:def:9739 PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 befor...
oval:org.mitre.oval:def:20481 DSA-1311-1 postgresql-7.4
oval:org.mitre.oval:def:20469 DSA-1309-1 postgresql-8.1
oval:org.mitre.oval:def:10090 Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before...
oval:org.mitre.oval:def:21808 ELSA-2007:0336: postgresql security update (Moderate)
oval:org.mitre.oval:def:10334 PostgreSQL 8.1 and probably later versions, when local trust authentication i...
oval:org.mitre.oval:def:9804 The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2...
oval:org.mitre.oval:def:11569 The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2...

Open Source Vulnerability Database (OSVDB)

id Description
70740 PostgreSQL intarray Module contrib/intarray/_int_bool.c gettoken() Function O...
68436 PostgreSQL PL perl / Tcl SECURITY DEFINER Function Crafted Script Code Execut...
64792 PostgreSQL RESET ALL Operation Privilege Check Weakness Arbitrary Parameter S...
64757 PostgreSQL PL / Tcl Implementation pltcl_modules Table Permission Weakness Ar...
64756 PostgreSQL Safe Module PL / perl Procedure Restriction Weakness Arbitrary Per...
64755 PostgreSQL Safe Module PL / perl Procedure Restriction Weakness Arbitrary Per...
63208 PostgreSQL src/backend/executor/nodeHash.c SELECT Statement Overflow DoS
62129 PostgreSQL backend/utils/adt/varbit.c bitsubstr Function Remote DoS
61039 PostgreSQL Index Function Session Manipulation Privilege Escalation
61038 PostgreSQL SSL Certificate Authority (CA) Null Byte Handling MiTM Weakness
57918 PostgreSQL $libdir/plugins Library Reload Backend Server Shutdown DoS
57917 PostgreSQL LDAP Anonymous Bind Authentication Bypass
57901 PostgreSQL RESET SESSION AUTHORIZATION Remote Privilege Escalation
54512 PostgreSQL Client-specific Encoding Localized Error Message Conversion DoS
40906 TCL in PostgreSQL Out-of-bounds Backref Number Remote DoS
40905 TCL in PostgreSQL Crafted Regexp Infinite Loop Remote DoS
40904 PostgreSQL Multiple Operation Remote Privilege Escalation
40903 PostgreSQL DBLink Module Unspecified Remote Privilege Escalation
40902 TCL in PostgreSQL Regular Expression Parser Crafted Doubly-nested State Regex...
40901 Database Link Library (dblink) Remote Function Mapping Privilege Escalation
40900 PostgreSQL PL/pgSQL (plpgsql) Function Creation Remote Privilege Escalation
40899 PostgreSQL dblink host Variable Crafted Localhost Proxy Remote Privilege Esca...
34903 PostgreSQL SECURITY DEFINER Functions Search Path Subversion Local Privilege ...
33302 PostgreSQL Query Planner Table Compatibility Memory Access
33087 PostgreSQL Function Argument Data Type Check Bypass

OpenVAS Exploits

id Description
2013-09-18 Name : Debian Security Advisory DSA 2534-1 (postgresql-8.4 - several vulnerabilities)
File : nvt/deb_2534_1.nasl
2012-10-03 Name : Gentoo Security Advisory GLSA 201209-24 (PostgreSQL)
File : nvt/glsa_201209_24.nasl
2012-09-26 Name : Gentoo Security Advisory GLSA 201209-03 (php)
File : nvt/glsa_201209_03.nasl
2012-09-25 Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004)
File : nvt/gb_macosx_su12-004.nasl
2012-09-17 Name : CentOS Update for postgresql84 CESA-2012:1263 centos5
File : nvt/gb_CESA-2012_1263_postgresql84_centos5.nasl
2012-09-17 Name : CentOS Update for postgresql CESA-2012:1263 centos6
File : nvt/gb_CESA-2012_1263_postgresql_centos6.nasl
2012-09-17 Name : CentOS Update for postgresql CESA-2012:1264 centos5
File : nvt/gb_CESA-2012_1264_postgresql_centos5.nasl
2012-09-17 Name : RedHat Update for postgresql and postgresql84 RHSA-2012:1263-01
File : nvt/gb_RHSA-2012_1263-01_postgresql_and_postgresql84.nasl
2012-09-17 Name : RedHat Update for postgresql RHSA-2012:1264-01
File : nvt/gb_RHSA-2012_1264-01_postgresql.nasl
2012-08-30 Name : FreeBSD Ports: postgresql-server
File : nvt/freebsd_postgresql-server2.nasl
2012-08-30 Name : Fedora Update for php FEDORA-2012-10936
File : nvt/gb_fedora_2012_10936_php_fc17.nasl
2012-08-30 Name : Fedora Update for postgresql FEDORA-2012-12156
File : nvt/gb_fedora_2012_12156_postgresql_fc16.nasl
2012-08-30 Name : Fedora Update for postgresql FEDORA-2012-12165
File : nvt/gb_fedora_2012_12165_postgresql_fc17.nasl
2012-08-30 Name : Fedora Update for postgresql FEDORA-2012-2508
File : nvt/gb_fedora_2012_2508_postgresql_fc17.nasl
2012-08-30 Name : Fedora Update for postgresql FEDORA-2012-8924
File : nvt/gb_fedora_2012_8924_postgresql_fc17.nasl
2012-08-30 Name : Fedora Update for maniadrive FEDORA-2012-9490
File : nvt/gb_fedora_2012_9490_maniadrive_fc17.nasl
2012-08-30 Name : Fedora Update for php FEDORA-2012-9490
File : nvt/gb_fedora_2012_9490_php_fc17.nasl
2012-08-21 Name : Mandriva Update for postgresql MDVSA-2012:139 (postgresql)
File : nvt/gb_mandriva_MDVSA_2012_139.nasl
2012-08-21 Name : Ubuntu Update for postgresql-9.1 USN-1542-1
File : nvt/gb_ubuntu_USN_1542_1.nasl
2012-08-10 Name : Debian Security Advisory DSA 2491-1 (postgresql-8.4)
File : nvt/deb_2491_1.nasl
2012-08-10 Name : FreeBSD Ports: FreeBSD
File : nvt/freebsd_FreeBSD18.nasl
2012-08-06 Name : Fedora Update for php FEDORA-2012-10908
File : nvt/gb_fedora_2012_10908_php_fc16.nasl
2012-08-03 Name : Mandriva Update for postgresql MDVSA-2012:092 (postgresql)
File : nvt/gb_mandriva_MDVSA_2012_092.nasl
2012-08-03 Name : Mandriva Update for php MDVSA-2012:093 (php)
File : nvt/gb_mandriva_MDVSA_2012_093.nasl
2012-07-30 Name : CentOS Update for postgresql CESA-2011:0197 centos4 x86_64
File : nvt/gb_CESA-2011_0197_postgresql_centos4_x86_64.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337
2015-B-0068 Multiple Vulnerabilities in PostgreSQL
Severity: Category I - VMSKEY: V0060809
2014-B-0022 Multiple Vulnerabilities in PostgreSQL
Severity: Category I - VMSKEY: V0044531
2013-A-0179 Apple Mac OS X Security Update 2013-004
Severity: Category I - VMSKEY: V0040373
2013-B-0035 Multiple Vulnerabilities in PostgreSQL
Severity: Category I - VMSKEY: V0037619
2012-A-0136 Multiple Vulnerabilities in Juniper Network Management Products
Severity: Category I - VMSKEY: V0033662

Snort® IPS/IDS

Date Description
2019-12-03 PostgreSQL SCRAM authentication stack buffer overflow attempt
RuleID : 52039 - Type : SERVER-OTHER - Revision : 1
2019-12-03 PostgreSQL SCRAM authentication stack buffer overflow attempt
RuleID : 52038 - Type : SERVER-OTHER - Revision : 1
2019-09-17 PostgreSQL interval stack buffer overflow attempt
RuleID : 51046 - Type : SERVER-OTHER - Revision : 1
2018-05-29 PostgreSQL Empty Password authentication bypass attempt
RuleID : 46449 - Type : SERVER-OTHER - Revision : 1
2014-01-10 PostgreSQL database name command line injection attempt
RuleID : 26586 - Type : SERVER-OTHER - Revision : 4
2014-01-10 PHP truncated crypt function attempt
RuleID : 23896 - Type : SERVER-WEBAPP - Revision : 4
2014-01-10 PHP truncated crypt function attempt
RuleID : 23895 - Type : SERVER-WEBAPP - Revision : 5
2014-01-10 truncated crypt function attempt
RuleID : 23894 - Type : SERVER-WEBAPP - Revision : 7
2014-01-10 PostgreSQL bit substring buffer overflow attempt
RuleID : 16393 - Type : SERVER-OTHER - Revision : 9

Nessus® Vulnerability Scanner

id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-08550a9006.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-5d1f7bd2d7.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1117.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1118.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1119.nasl - Type: ACT_GATHER_INFO
2018-12-03 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201811-24.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2860.nasl - Type: ACT_GATHER_INFO
2018-11-09 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_1c27a706e3aa11e8b77a6cc21735f730.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201810-08.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1311.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1312.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1080.nasl - Type: ACT_GATHER_INFO
2018-09-20 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1079.nasl - Type: ACT_GATHER_INFO
2018-09-20 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1080.nasl - Type: ACT_GATHER_INFO
2018-09-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1074.nasl - Type: ACT_GATHER_INFO
2018-08-31 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0178.nasl - Type: ACT_GATHER_INFO
2018-08-31 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0087.nasl - Type: ACT_GATHER_INFO
2018-08-29 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2557.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2016-0015.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0048.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0108.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0122.nasl - Type: ACT_GATHER_INFO
2018-08-16 Name: The remote Debian host is missing a security update.
File: debian_DLA-1464.nasl - Type: ACT_GATHER_INFO
2018-08-16 Name: The remote Fedora host is missing a security update.
File: fedora_2018-d8f5aea89d.nasl - Type: ACT_GATHER_INFO
2018-08-13 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4269.nasl - Type: ACT_GATHER_INFO