Lucene search

K

RedhatCVELIST:CVE-2014-0060

HistoryMar 28, 2014 - 5:00 p.m.

CVE-2014-0060

2014-03-2817:00:00

redhat

www.cve.org

5.3 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.8%

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.

References

archives.neohapsis.com/archives/bugtraq/2014-10/0103.html

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

lists.opensuse.org/opensuse-updates/2014-03/msg00018.html

lists.opensuse.org/opensuse-updates/2014-03/msg00038.html

rhn.redhat.com/errata/RHSA-2014-0211.html

rhn.redhat.com/errata/RHSA-2014-0221.html

rhn.redhat.com/errata/RHSA-2014-0249.html

rhn.redhat.com/errata/RHSA-2014-0469.html

secunia.com/advisories/61307

support.apple.com/kb/HT6448

wiki.postgresql.org/wiki/20140220securityrelease

www.debian.org/security/2014/dsa-2864

www.debian.org/security/2014/dsa-2865

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.postgresql.org/about/news/1506/

www.ubuntu.com/usn/USN-2120-1

puppet.com/security/cve/cve-2014-0060

support.apple.com/kb/HT6536

5.3 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.8%

Related for CVELIST:CVE-2014-0060

prion1 seebug2 cve1 ubuntucve1 checkpoint_advisories1 veracode4 nvd1 postgresql1 nessus25 centos3 oraclelinux2 kaspersky1 openvas26 amazon2 redhat4 securityvulns6 ubuntu1 debian2 osv2 mageia2 freebsd1 gentoo1 oracle1