Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2014-0060
Description:PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.
Test IDs: 1.3.6.1.4.1.25623.1.0.871136   1.3.6.1.4.1.25623.1.0.702865   1.3.6.1.4.1.25623.1.0.702864   1.3.6.1.4.1.25623.1.0.871130   1.3.6.1.4.1.25623.1.0.881894   1.3.6.1.4.1.25623.1.0.881889   1.3.6.1.4.1.25623.1.0.881888  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2014-0060
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
Debian Security Information: DSA-2864 (Google Search)
http://www.debian.org/security/2014/dsa-2864
Debian Security Information: DSA-2865 (Google Search)
http://www.debian.org/security/2014/dsa-2865
RedHat Security Advisories: RHSA-2014:0211
http://rhn.redhat.com/errata/RHSA-2014-0211.html
RedHat Security Advisories: RHSA-2014:0221
http://rhn.redhat.com/errata/RHSA-2014-0221.html
RedHat Security Advisories: RHSA-2014:0249
http://rhn.redhat.com/errata/RHSA-2014-0249.html
RedHat Security Advisories: RHSA-2014:0469
http://rhn.redhat.com/errata/RHSA-2014-0469.html
http://secunia.com/advisories/61307
SuSE Security Announcement: openSUSE-SU-2014:0345 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html
SuSE Security Announcement: openSUSE-SU-2014:0368 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html
http://www.ubuntu.com/usn/USN-2120-1




© 1998-2024 E-Soft Inc. All rights reserved.