exploit the possibilities
Showing 1 - 10 of 10 RSS Feed

CVE-2018-10915

Status Candidate

Overview

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.

Related Files

Red Hat Security Advisory 2018-3816-01
Posted Dec 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3816-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include memory disclosure and client-side security problems.

tags | advisory, web, ruby
systems | linux, redhat
advisories | CVE-2018-1053, CVE-2018-1058, CVE-2018-10915, CVE-2018-10925
MD5 | 8e006513de19d1c89ea0cf3c9d7db529
Gentoo Linux Security Advisory 201810-08
Posted Oct 31, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201810-8 - Multiple vulnerabilities have been found in PostgreSQL, the worst which could lead to privilege escalation. Versions less than 10.5 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2018-10915, CVE-2018-10925, CVE-2018-1115
MD5 | e584a5b6686138584a280a4b1b0346a8
Red Hat Security Advisory 2018-2729-01
Posted Sep 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2729-01 - Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service cloud running on commonly available physical hardware. Issues addressed include an insecure download vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-10268, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384, CVE-2017-3636, CVE-2017-3641, CVE-2017-3651, CVE-2017-3653, CVE-2018-10892, CVE-2018-10915, CVE-2018-14620, CVE-2018-2562, CVE-2018-2622, CVE-2018-2640, CVE-2018-2665, CVE-2018-2668, CVE-2018-2755, CVE-2018-2761, CVE-2018-2767, CVE-2018-2771, CVE-2018-2781, CVE-2018-2813, CVE-2018-2817, CVE-2018-2819
MD5 | 04f466800f64d37b9be1ae64b9719964
Red Hat Security Advisory 2018-2721-01
Posted Sep 19, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2721-01 - Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service cloud running on commonly available physical hardware. Issues addressed include an insecure download vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-10915, CVE-2018-14620, CVE-2018-14635
MD5 | 7df2d41c8aa1c15c17827a684786bddb
Red Hat Security Advisory 2018-2643-01
Posted Sep 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2643-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-1000180, CVE-2018-10237, CVE-2018-1067, CVE-2018-10862, CVE-2018-10915, CVE-2018-1114, CVE-2018-8039
MD5 | 0af466be7b8ece10badd17353a6cd6d5
Red Hat Security Advisory 2018-2566-01
Posted Aug 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2566-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include a client-side security defense vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-15098, CVE-2017-15099, CVE-2018-1053, CVE-2018-1058, CVE-2018-10915, CVE-2018-10925, CVE-2018-1115
MD5 | 18b19872fd2a138071b7e1b96a5f9204
Red Hat Security Advisory 2018-2565-01
Posted Aug 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2565-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include client-side defense vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2018-10915, CVE-2018-10925, CVE-2018-1115
MD5 | 08f18b939b68bf18c3d525ff305bde91
Red Hat Security Advisory 2018-2557-01
Posted Aug 24, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2557-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include defeating of a client-side defense.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-10915
MD5 | ae2abc2953552a69a4b76e539667e06d
Red Hat Security Advisory 2018-2511-01
Posted Aug 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2511-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include a memory disclosure vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-15098, CVE-2017-15099, CVE-2018-1053, CVE-2018-1058, CVE-2018-10915, CVE-2018-10925
MD5 | a6c9e254b5a796dcd21f88dc9a6455c9
Ubuntu Security Notice USN-3744-1
Posted Aug 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3744-1 - Andrew Krasichkov discovered that the PostgreSQL client library incorrectly reset its internal state between connections. A remote attacker could possibly use this issue to bypass certain client-side connection security features. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PostgreSQL incorrectly checked authorization on certain statements. A remote attacker could possibly use this issue to read arbitrary server memory or alter certain data. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-10915, CVE-2018-10925
MD5 | af16db35ec128995a527666b5424b03e
Page 1 of 1
Back1Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close