WEB APPLICATION VULNERABILITIES Standard & Premium

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0067)

Description

The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.

Remediation

References

Related Vulnerabilities

WordPress Plugin Qwizcards-online quizzes and flashcards Cross-Site Scripting (3.36)

MySQL CVE-2017-3600 Vulnerability (CVE-2017-3600)

WordPress Plugin Deeper Comments Security Bypass (2.1.1)

MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2020-35625)

WordPress Plugin WP Customer Area Cross-Site Request Forgery (8.1.3)

Severity

Medium

Classification

CVE-2014-0067 CWE-264

Tags

Missing Update Known Vulnerabilities