Vulnerability-Lookup

CVE-2014-0078 (GCVE-0-2014-0078)

Vulnerability from cvelistv5 – Published: 2014-05-14 19:00 – Updated: 2024-08-06 09:05

Summary

The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.

Severity

No CVSS data available.

CWE

Assigner

redhat

References

2 references

URL	Tags
http://rhn.redhat.com/errata/RHSA-2014-0469.html	vendor-advisoryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=1064556	x_refsource_CONFIRM

Date Public

2014-05-12 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:38.357Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2014:0469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0469.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064556"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-14T18:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2014:0469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0469.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064556"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0078",
    "datePublished": "2014-05-14T19:00:00.000Z",
    "dateReserved": "2013-12-03T00:00:00.000Z",
    "dateUpdated": "2024-08-06T09:05:38.357Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2014-0078",
      "date": "2026-05-27",
      "epss": "0.00619",
      "percentile": "0.70225"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:cloudforms_3.0_management_engine:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.2.3\", \"matchCriteriaId\": \"25657755-FA72-4D27-93A1-45D61D22490E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D21CFAD1-5422-4595-841D-A80F940B1545\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E38C4E54-BFA6-4CF7-A73E-E3890496BFA0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F275AD8-24FA-4897-9BE4-D116A083D384\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.\"}, {\"lang\": \"es\", \"value\": \"CatalogController en Red Hat CloudForms Management Engine (CFME) anterior a 5.2.3.2 permite a usuarios remotos autenticados eliminar cat\\u00e1logos arbitrarios a trav\\u00e9s de vectores involucrando adivinar el identificador del cat\\u00e1logo.\"}]",
      "id": "CVE-2014-0078",
      "lastModified": "2024-11-21T02:01:18.953",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:N/A:P\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-05-14T19:55:10.687",
      "references": "[{\"url\": \"http://rhn.redhat.com/errata/RHSA-2014-0469.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1064556\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2014-0469.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1064556\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-0078\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-05-14T19:55:10.687\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.\"},{\"lang\":\"es\",\"value\":\"CatalogController en Red Hat CloudForms Management Engine (CFME) anterior a 5.2.3.2 permite a usuarios remotos autenticados eliminar cat\u00e1logos arbitrarios a trav\u00e9s de vectores involucrando adivinar el identificador del cat\u00e1logo.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:P\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cloudforms_3.0_management_engine:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.2.3\",\"matchCriteriaId\":\"25657755-FA72-4D27-93A1-45D61D22490E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D21CFAD1-5422-4595-841D-A80F940B1545\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E38C4E54-BFA6-4CF7-A73E-E3890496BFA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F275AD8-24FA-4897-9BE4-D116A083D384\"}]}]}],\"references\":[{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0469.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1064556\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0469.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1064556\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2014-0078

Vulnerability from fkie_nvd - Published: 2014-05-14 19:55 - Updated: 2026-05-06 22:30

Severity

Summary

The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.

References

URL	Tags
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2014-0469.html	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1064556
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-0469.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1064556

Impacted products

Vendor	Product	Version
redhat	cloudforms_3.0_management_engine	*
redhat	cloudforms_3.0_management_engine	5.2
redhat	cloudforms_3.0_management_engine	5.2.1
redhat	cloudforms_3.0_management_engine	5.2.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:cloudforms_3.0_management_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "25657755-FA72-4D27-93A1-45D61D22490E",
              "versionEndIncluding": "5.2.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D21CFAD1-5422-4595-841D-A80F940B1545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E38C4E54-BFA6-4CF7-A73E-E3890496BFA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F275AD8-24FA-4897-9BE4-D116A083D384",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID."
    },
    {
      "lang": "es",
      "value": "CatalogController en Red Hat CloudForms Management Engine (CFME) anterior a 5.2.3.2 permite a usuarios remotos autenticados eliminar cat\u00e1logos arbitrarios a trav\u00e9s de vectores involucrando adivinar el identificador del cat\u00e1logo."
    }
  ],
  "id": "CVE-2014-0078",
  "lastModified": "2026-05-06T22:30:45.220",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-14T19:55:10.687",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0469.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0469.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064556"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-FXWQ-PP2X-CH5J

Vulnerability from github – Published: 2022-05-17 04:43 – Updated: 2022-05-17 04:43

Details

The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-0078"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-05-14T19:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.",
  "id": "GHSA-fxwq-pp2x-ch5j",
  "modified": "2022-05-17T04:43:49Z",
  "published": "2022-05-17T04:43:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0078"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2014:0469"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2014-0078"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064556"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0469.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2014-0078

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.

Aliases

CVE-2014-0078

Aliases

CVE-2014-0078

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-0078",
    "description": "The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.",
    "id": "GSD-2014-0078",
    "references": [
      "https://access.redhat.com/errata/RHSA-2014:0469"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-0078"
      ],
      "details": "The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.",
      "id": "GSD-2014-0078",
      "modified": "2023-12-13T01:22:44.562108Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2014-0078",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2014-0469.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0469.html"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1064556",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064556"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:cloudforms_3.0_management_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-0078"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2014:0469",
              "refsource": "REDHAT",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0469.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1064556",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064556"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T00:31Z",
      "publishedDate": "2014-05-14T19:55Z"
    }
  }
}

RHSA-2014:0469

Vulnerability from csaf_redhat - Published: 2014-05-12 18:12 - Updated: 2025-11-21 17:48

Summary

Red Hat Security Advisory: cfme security, bug fix, and enhancement update

Severity

Important

Notes

Topic: Updated cfme packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat CloudForms 3.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details: Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. A flaw was found in the way Ruby on Rails' actionpack rubygem performed JSON parameter parsing. An application using a third party library, which uses the Rack::Request interface, or custom Rack middleware could bypass the protection implemented to fix the CVE-2013-0155 vulnerability, causing the application to receive unsafe parameters and become vulnerable to CVE-2013-0155. (CVE-2013-6417) An input sanitization flaw was found in the saved_report_delete action in the ReportController. An authenticated Management Engine user could use this flaw to perform an SQL injection attack on the Management Engine back end database. (CVE-2014-0137) It was found that Red Hat CloudForms Management Engine did not properly check user role permissions for actions associated with catalogs. An authenticated Management Engine user could use this flaw to delete arbitrary catalogs regardless of the granted permissions. (CVE-2014-0078) Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0063) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0064, CVE-2014-2669) Multiple potential buffer overflow flaws were found in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0065) It was found that granting an SQL role to a database user in a PostgreSQL database without specifying the "ADMIN" option allowed the grantee to remove other users from their granted role. An authenticated database user could use this flaw to remove a user from an SQL role which they were granted access to. (CVE-2014-0060) A flaw was found in the validator functions provided by PostgreSQL's procedural languages. An authenticated database user could possibly use this flaw to escalate their privileges. (CVE-2014-0061) A race condition was found in the way PostgreSQL's CREATE INDEX command performed multiple independent lookups of a table that had to be indexed. An authenticated database user could possibly use this flaw to escalate their privileges. (CVE-2014-0062) It was found that the chkpass extension of PostgreSQL did not check the return value of the crypt() function. An authenticated database user could possibly use this flaw to crash PostgreSQL via a null pointer dereference. (CVE-2014-0066) Red Hat would like to thank the Ruby on Rails project for reporting CVE-2013-6417; upstream acknowledges Sudhir Rao as the original reporter of this issue. Red Hat would also like to thank the PostgreSQL project for reporting CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066, and CVE-2014-2669; upstream acknowledges Noah Misch, Heikki Linnakangas, Peter Eisentraut, Jozef Mlich, Andres Freund, Robert Haas, Honza Horak, and Bruce Momjian as the original reporters of these issues. The CVE-2014-0137 and CVE-2014-0078 issues were discovered by Jan Rusnacko of the Red Hat Product Security Team.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2013-6417

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.

6.4 ()


                        
                          AV:N/AC:L/Au:N/C:P/I:P/A:N

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected products

Fixed 23 products

Product	Version	Remediation
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src	—	Vendor Fix fix

Threats

Impact Important

CVE-2014-0060

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.

5.5 ()


                        
                          AV:N/AC:L/Au:S/C:N/I:P/A:P

Affected products

Fixed 23 products

Product	Version	Remediation
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2014-0061

The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.

6.5 ()


                        
                          AV:N/AC:L/Au:S/C:P/I:P/A:P

Affected products

Fixed 23 products

Product	Version	Remediation
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2014-0062

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.

3.5 ()


                        
                          AV:N/AC:M/Au:S/C:P/I:N/A:N

Affected products

Fixed 23 products

Product	Version	Remediation
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2014-0063

Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.

6.5 ()


                        
                          AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-121 - Stack-based Buffer Overflow

Affected products

Fixed 23 products

Product	Version	Remediation
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src	—	Vendor Fix fix

Threats

Impact Important

CVE-2014-0064

Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.

6.5 ()


                        
                          AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 23 products

Product	Version	Remediation
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src	—	Vendor Fix fix

Threats

Impact Important

CVE-2014-0065

Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.

6.5 ()


                        
                          AV:N/AC:L/Au:S/C:P/I:P/A:P

Affected products

Fixed 23 products

Product	Version	Remediation
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src	—	Vendor Fix fix

Threats

Impact Important

CVE-2014-0066

The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.

4.0 ()


                        
                          AV:N/AC:L/Au:S/C:N/I:N/A:P

CWE-476 - NULL Pointer Dereference

Affected products

Fixed 23 products

Product	Version	Remediation
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2014-0078

The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.

4.0 ()


                        
                          AV:N/AC:L/Au:S/C:N/I:N/A:P

CWE-862 - Missing Authorization

Affected products

Fixed 23 products

Product	Version	Remediation
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2014-0137

SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists.

4.9 ()


                        
                          AV:N/AC:M/Au:S/C:P/I:P/A:N

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected products

Fixed 23 products

Product	Version	Remediation
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src	—	Vendor Fix fix

Threats

Impact Important

CVE-2014-2669

Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact via vectors related to the (1) hstore_recv, (2) hstore_from_arrays, and (3) hstore_from_array functions in contrib/hstore/hstore_io.c; and the (4) hstoreArrayToPairs function in contrib/hstore/hstore_op.c, which triggers a buffer overflow. NOTE: this issue was SPLIT from CVE-2014-0064 because it has a different set of affected versions.

6.5 ()


                        
                          AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 23 products

Product	Version	Remediation
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src	—	Vendor Fix fix

Threats

Impact Important

References

59 references

URL	Category
https://access.redhat.com/errata/RHSA-2014:0469	self
https://bugzilla.redhat.com/show_bug.cgi?id=1082154	external
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/site/documentation/en-U…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1036409	external
https://bugzilla.redhat.com/show_bug.cgi?id=1064556	external
https://bugzilla.redhat.com/show_bug.cgi?id=1065219	external
https://bugzilla.redhat.com/show_bug.cgi?id=1065220	external
https://bugzilla.redhat.com/show_bug.cgi?id=1065222	external
https://bugzilla.redhat.com/show_bug.cgi?id=1065226	external
https://bugzilla.redhat.com/show_bug.cgi?id=1065230	external
https://bugzilla.redhat.com/show_bug.cgi?id=1065235	external
https://bugzilla.redhat.com/show_bug.cgi?id=1076688	external
https://bugzilla.redhat.com/show_bug.cgi?id=1065236	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2013-6417	self
https://bugzilla.redhat.com/show_bug.cgi?id=1036409	external
https://www.cve.org/CVERecord?id=CVE-2013-6417	external
https://nvd.nist.gov/vuln/detail/CVE-2013-6417	external
https://access.redhat.com/security/cve/CVE-2014-0060	self
https://bugzilla.redhat.com/show_bug.cgi?id=1065219	external
https://www.cve.org/CVERecord?id=CVE-2014-0060	external
https://nvd.nist.gov/vuln/detail/CVE-2014-0060	external
https://access.redhat.com/security/cve/CVE-2014-0061	self
https://bugzilla.redhat.com/show_bug.cgi?id=1065220	external
https://www.cve.org/CVERecord?id=CVE-2014-0061	external
https://nvd.nist.gov/vuln/detail/CVE-2014-0061	external
https://access.redhat.com/security/cve/CVE-2014-0062	self
https://bugzilla.redhat.com/show_bug.cgi?id=1065222	external
https://www.cve.org/CVERecord?id=CVE-2014-0062	external
https://nvd.nist.gov/vuln/detail/CVE-2014-0062	external
https://access.redhat.com/security/cve/CVE-2014-0063	self
https://bugzilla.redhat.com/show_bug.cgi?id=1065226	external
https://www.cve.org/CVERecord?id=CVE-2014-0063	external
https://nvd.nist.gov/vuln/detail/CVE-2014-0063	external
https://access.redhat.com/security/cve/CVE-2014-0064	self
https://bugzilla.redhat.com/show_bug.cgi?id=1065230	external
https://www.cve.org/CVERecord?id=CVE-2014-0064	external
https://nvd.nist.gov/vuln/detail/CVE-2014-0064	external
https://access.redhat.com/security/cve/CVE-2014-0065	self
https://bugzilla.redhat.com/show_bug.cgi?id=1065235	external
https://www.cve.org/CVERecord?id=CVE-2014-0065	external
https://nvd.nist.gov/vuln/detail/CVE-2014-0065	external
https://access.redhat.com/security/cve/CVE-2014-0066	self
https://bugzilla.redhat.com/show_bug.cgi?id=1065236	external
https://www.cve.org/CVERecord?id=CVE-2014-0066	external
https://nvd.nist.gov/vuln/detail/CVE-2014-0066	external
https://access.redhat.com/security/cve/CVE-2014-0078	self
https://bugzilla.redhat.com/show_bug.cgi?id=1064556	external
https://www.cve.org/CVERecord?id=CVE-2014-0078	external
https://nvd.nist.gov/vuln/detail/CVE-2014-0078	external
https://access.redhat.com/security/cve/CVE-2014-0137	self
https://bugzilla.redhat.com/show_bug.cgi?id=1076688	external
https://www.cve.org/CVERecord?id=CVE-2014-0137	external
https://nvd.nist.gov/vuln/detail/CVE-2014-0137	external
https://access.redhat.com/security/cve/CVE-2014-2669	self
https://bugzilla.redhat.com/show_bug.cgi?id=1082154	external
https://www.cve.org/CVERecord?id=CVE-2014-2669	external
https://nvd.nist.gov/vuln/detail/CVE-2014-2669	external

Acknowledgments

Ruby on Rails project

PostgreSQL project

Noah Misch

Andres Freund

Andres Freund Robert Haas

Heikki Linnakangas Noah Misch

Peter Eisentraut Jozef Mlich

Honza Horak Bruce Momjian

Red Hat Product Security Team Jan Rusnacko

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated cfme packages that fix multiple security issues, several bugs, and\nadd various enhancements are now available for Red Hat CloudForms 3.0.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat CloudForms Management Engine delivers the insight, control, and\nautomation needed to address the challenges of managing virtual\nenvironments.\n\nA flaw was found in the way Ruby on Rails\u0027 actionpack rubygem performed\nJSON parameter parsing. An application using a third party library, which\nuses the Rack::Request interface, or custom Rack middleware could bypass\nthe protection implemented to fix the CVE-2013-0155 vulnerability, causing\nthe application to receive unsafe parameters and become vulnerable to\nCVE-2013-0155. (CVE-2013-6417)\n\nAn input sanitization flaw was found in the saved_report_delete action in\nthe ReportController. An authenticated Management Engine user could use\nthis flaw to perform an SQL injection attack on the Management Engine back\nend database. (CVE-2014-0137)\n\nIt was found that Red Hat CloudForms Management Engine did not properly\ncheck user role permissions for actions associated with catalogs.\nAn authenticated Management Engine user could use this flaw to delete\narbitrary catalogs regardless of the granted permissions. (CVE-2014-0078)\n\nMultiple stack-based buffer overflow flaws were found in the date/time\nimplementation of PostgreSQL. An authenticated database user could provide\na specially crafted date/time value that, when processed, could cause\nPostgreSQL to crash or, potentially, execute arbitrary code with the\npermissions of the user running PostgreSQL. (CVE-2014-0063)\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in various type input functions in PostgreSQL. An authenticated\ndatabase user could possibly use these flaws to crash PostgreSQL or,\npotentially, execute arbitrary code with the permissions of the user\nrunning PostgreSQL. (CVE-2014-0064, CVE-2014-2669)\n\nMultiple potential buffer overflow flaws were found in PostgreSQL.\nAn authenticated database user could possibly use these flaws to crash\nPostgreSQL or, potentially, execute arbitrary code with the permissions of\nthe user running PostgreSQL. (CVE-2014-0065)\n\nIt was found that granting an SQL role to a database user in a PostgreSQL\ndatabase without specifying the \"ADMIN\" option allowed the grantee to\nremove other users from their granted role. An authenticated database user\ncould use this flaw to remove a user from an SQL role which they were\ngranted access to. (CVE-2014-0060)\n\nA flaw was found in the validator functions provided by PostgreSQL\u0027s\nprocedural languages. An authenticated database user could possibly use\nthis flaw to escalate their privileges. (CVE-2014-0061)\n\nA race condition was found in the way PostgreSQL\u0027s CREATE INDEX command\nperformed multiple independent lookups of a table that had to be indexed.\nAn authenticated database user could possibly use this flaw to escalate\ntheir privileges. (CVE-2014-0062)\n\nIt was found that the chkpass extension of PostgreSQL did not check the\nreturn value of the crypt() function. An authenticated database user could\npossibly use this flaw to crash PostgreSQL via a null pointer dereference.\n(CVE-2014-0066)\n\nRed Hat would like to thank the Ruby on Rails project for reporting\nCVE-2013-6417; upstream acknowledges Sudhir Rao as the original reporter\nof this issue.\n\nRed Hat would also like to thank the PostgreSQL project for reporting\nCVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,\nCVE-2014-0065, CVE-2014-0066, and CVE-2014-2669; upstream acknowledges Noah\nMisch, Heikki Linnakangas, Peter Eisentraut, Jozef Mlich, Andres Freund,\nRobert Haas, Honza Horak, and Bruce Momjian as the original reporters of\nthese issues.\n\nThe CVE-2014-0137 and CVE-2014-0078 issues were discovered by Jan Rusnacko\nof the Red Hat Product Security Team.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2014:0469",
        "url": "https://access.redhat.com/errata/RHSA-2014:0469"
      },
      {
        "category": "external",
        "summary": "1082154",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1082154"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/site/documentation/en-US/CloudForms/3.0/html/Management_Engine_5.2_Technical_Notes/index.html",
        "url": "https://access.redhat.com/site/documentation/en-US/CloudForms/3.0/html/Management_Engine_5.2_Technical_Notes/index.html"
      },
      {
        "category": "external",
        "summary": "1036409",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036409"
      },
      {
        "category": "external",
        "summary": "1064556",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064556"
      },
      {
        "category": "external",
        "summary": "1065219",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065219"
      },
      {
        "category": "external",
        "summary": "1065220",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065220"
      },
      {
        "category": "external",
        "summary": "1065222",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065222"
      },
      {
        "category": "external",
        "summary": "1065226",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065226"
      },
      {
        "category": "external",
        "summary": "1065230",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065230"
      },
      {
        "category": "external",
        "summary": "1065235",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065235"
      },
      {
        "category": "external",
        "summary": "1076688",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1076688"
      },
      {
        "category": "external",
        "summary": "1065236",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065236"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0469.json"
      }
    ],
    "title": "Red Hat Security Advisory: cfme security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2025-11-21T17:48:09+00:00",
      "generator": {
        "date": "2025-11-21T17:48:09+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2014:0469",
      "initial_release_date": "2014-05-12T18:12:35+00:00",
      "revision_history": [
        {
          "date": "2014-05-12T18:12:35+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2014-05-12T18:12:35+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:48:09+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Management Engine",
                "product": {
                  "name": "Management Engine",
                  "product_id": "6Server-CFME",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat CloudForms"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-contrib@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-plperl@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-libs@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-debuginfo@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-test@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-docs@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-upgrade@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-devel@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-server@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-plpython@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-pltcl@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "prince-0:9.0r2-4.el6cf.x86_64",
                "product": {
                  "name": "prince-0:9.0r2-4.el6cf.x86_64",
                  "product_id": "prince-0:9.0r2-4.el6cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/prince@9.0r2-4.el6cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
                "product": {
                  "name": "cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
                  "product_id": "cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme-lib@5.2.3.2-1.el6cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
                "product": {
                  "name": "cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
                  "product_id": "cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme-debuginfo@5.2.3.2-1.el6cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-0:5.2.3.2-1.el6cf.x86_64",
                "product": {
                  "name": "cfme-0:5.2.3.2-1.el6cf.x86_64",
                  "product_id": "cfme-0:5.2.3.2-1.el6cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme@5.2.3.2-1.el6cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
                "product": {
                  "name": "mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
                  "product_id": "mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mingw32-cfme-host@5.2.3.2-1.el6cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
                "product": {
                  "name": "cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
                  "product_id": "cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme-appliance@5.2.3.2-1.el6cf?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-0:9.2.7-1.1.el6.src",
                "product": {
                  "name": "postgresql92-postgresql-0:9.2.7-1.1.el6.src",
                  "product_id": "postgresql92-postgresql-0:9.2.7-1.1.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql@9.2.7-1.1.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "prince-0:9.0r2-4.el6cf.src",
                "product": {
                  "name": "prince-0:9.0r2-4.el6cf.src",
                  "product_id": "prince-0:9.0r2-4.el6cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/prince@9.0r2-4.el6cf?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src",
                "product": {
                  "name": "ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src",
                  "product_id": "ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.13-6.el6cf?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-0:5.2.3.2-1.el6cf.src",
                "product": {
                  "name": "cfme-0:5.2.3.2-1.el6cf.src",
                  "product_id": "cfme-0:5.2.3.2-1.el6cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme@5.2.3.2-1.el6cf?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
                "product": {
                  "name": "ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
                  "product_id": "ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.13-6.el6cf?arch=noarch\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-0:5.2.3.2-1.el6cf.src as a component of Management Engine",
          "product_id": "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src"
        },
        "product_reference": "cfme-0:5.2.3.2-1.el6cf.src",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-0:5.2.3.2-1.el6cf.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64"
        },
        "product_reference": "cfme-0:5.2.3.2-1.el6cf.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-appliance-0:5.2.3.2-1.el6cf.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64"
        },
        "product_reference": "cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64"
        },
        "product_reference": "cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-lib-0:5.2.3.2-1.el6cf.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64"
        },
        "product_reference": "cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64"
        },
        "product_reference": "mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-0:9.2.7-1.1.el6.src as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src"
        },
        "product_reference": "postgresql92-postgresql-0:9.2.7-1.1.el6.src",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prince-0:9.0r2-4.el6cf.src as a component of Management Engine",
          "product_id": "6Server-CFME:prince-0:9.0r2-4.el6cf.src"
        },
        "product_reference": "prince-0:9.0r2-4.el6cf.src",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prince-0:9.0r2-4.el6cf.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64"
        },
        "product_reference": "prince-0:9.0r2-4.el6cf.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch"
        },
        "product_reference": "ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        },
        "product_reference": "ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src",
        "relates_to_product_reference": "6Server-CFME"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Ruby on Rails project"
          ]
        }
      ],
      "cve": "CVE-2013-6417",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "discovery_date": "2013-12-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1036409"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013- 0155)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-6417"
        },
        {
          "category": "external",
          "summary": "RHBZ#1036409",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036409"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6417",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-6417"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6417",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6417"
        }
      ],
      "release_date": "2013-12-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-12T18:12:35+00:00",
          "details": "These updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll users of Red Hat CloudForms 3.0 are advised to upgrade to these updated\npackages, which correct these issues and add these enhancements.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0469"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013- 0155)"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "PostgreSQL project"
          ]
        },
        {
          "names": [
            "Noah Misch"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2014-0060",
      "discovery_date": "2014-02-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1065219"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0060"
        },
        {
          "category": "external",
          "summary": "RHBZ#1065219",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065219"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0060",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0060"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0060",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0060"
        }
      ],
      "release_date": "2014-02-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-12T18:12:35+00:00",
          "details": "These updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll users of Red Hat CloudForms 3.0 are advised to upgrade to these updated\npackages, which correct these issues and add these enhancements.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0469"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "PostgreSQL project"
          ]
        },
        {
          "names": [
            "Andres Freund"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2014-0061",
      "discovery_date": "2014-02-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1065220"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "postgresql: privilege escalation via procedural language validator functions",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0061"
        },
        {
          "category": "external",
          "summary": "RHBZ#1065220",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065220"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0061",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0061"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0061",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0061"
        }
      ],
      "release_date": "2014-02-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-12T18:12:35+00:00",
          "details": "These updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll users of Red Hat CloudForms 3.0 are advised to upgrade to these updated\npackages, which correct these issues and add these enhancements.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0469"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "postgresql: privilege escalation via procedural language validator functions"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "PostgreSQL project"
          ]
        },
        {
          "names": [
            "Andres Freund",
            "Robert Haas"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2014-0062",
      "discovery_date": "2014-02-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1065222"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "postgresql: CREATE INDEX race condition possibly leading to privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0062"
        },
        {
          "category": "external",
          "summary": "RHBZ#1065222",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065222"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0062",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0062"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0062",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0062"
        }
      ],
      "release_date": "2014-02-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-12T18:12:35+00:00",
          "details": "These updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll users of Red Hat CloudForms 3.0 are advised to upgrade to these updated\npackages, which correct these issues and add these enhancements.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0469"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "postgresql: CREATE INDEX race condition possibly leading to privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "PostgreSQL project"
          ]
        },
        {
          "names": [
            "Noah Misch"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2014-0063",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "discovery_date": "2014-02-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1065226"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "postgresql: stack-based buffer overflow in datetime input/output",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0063"
        },
        {
          "category": "external",
          "summary": "RHBZ#1065226",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065226"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0063",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0063"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0063",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0063"
        }
      ],
      "release_date": "2014-02-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-12T18:12:35+00:00",
          "details": "These updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll users of Red Hat CloudForms 3.0 are advised to upgrade to these updated\npackages, which correct these issues and add these enhancements.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0469"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "postgresql: stack-based buffer overflow in datetime input/output"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "PostgreSQL project"
          ]
        },
        {
          "names": [
            "Heikki Linnakangas",
            "Noah Misch"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2014-0064",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2014-02-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1065230"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow.  NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "postgresql: integer overflows leading to buffer overflows",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0064"
        },
        {
          "category": "external",
          "summary": "RHBZ#1065230",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065230"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0064",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0064"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0064",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0064"
        }
      ],
      "release_date": "2014-02-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-12T18:12:35+00:00",
          "details": "These updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll users of Red Hat CloudForms 3.0 are advised to upgrade to these updated\npackages, which correct these issues and add these enhancements.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0469"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "postgresql: integer overflows leading to buffer overflows"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "PostgreSQL project"
          ]
        },
        {
          "names": [
            "Peter Eisentraut",
            "Jozef Mlich"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2014-0065",
      "discovery_date": "2014-02-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1065235"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "postgresql: possible buffer overflow flaws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0065"
        },
        {
          "category": "external",
          "summary": "RHBZ#1065235",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065235"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0065",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0065"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0065",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0065"
        }
      ],
      "release_date": "2014-02-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-12T18:12:35+00:00",
          "details": "These updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll users of Red Hat CloudForms 3.0 are advised to upgrade to these updated\npackages, which correct these issues and add these enhancements.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0469"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "postgresql: possible buffer overflow flaws"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "PostgreSQL project"
          ]
        },
        {
          "names": [
            "Honza Horak",
            "Bruce Momjian"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2014-0066",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2014-02-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1065236"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "postgresql: NULL pointer dereference",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0066"
        },
        {
          "category": "external",
          "summary": "RHBZ#1065236",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065236"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0066",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0066"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0066",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0066"
        }
      ],
      "release_date": "2014-02-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-12T18:12:35+00:00",
          "details": "These updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll users of Red Hat CloudForms 3.0 are advised to upgrade to these updated\npackages, which correct these issues and add these enhancements.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0469"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "postgresql: NULL pointer dereference"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jan Rusnacko"
          ],
          "organization": "Red Hat Product Security Team",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2014-0078",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "discovery_date": "2014-02-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1064556"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CFME: multiple authorization bypass vulnerabilities in CatalogController",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0078"
        },
        {
          "category": "external",
          "summary": "RHBZ#1064556",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064556"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0078",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0078"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0078",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0078"
        }
      ],
      "release_date": "2014-05-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-12T18:12:35+00:00",
          "details": "These updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll users of Red Hat CloudForms 3.0 are advised to upgrade to these updated\npackages, which correct these issues and add these enhancements.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0469"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "CFME: multiple authorization bypass vulnerabilities in CatalogController"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jan Rusnacko"
          ],
          "organization": "Red Hat Product Security Team",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2014-0137",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "discovery_date": "2014-03-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1076688"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CFME: ReportController SQL injection",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0137"
        },
        {
          "category": "external",
          "summary": "RHBZ#1076688",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1076688"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0137",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0137"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0137",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0137"
        }
      ],
      "release_date": "2014-05-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-12T18:12:35+00:00",
          "details": "These updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll users of Red Hat CloudForms 3.0 are advised to upgrade to these updated\npackages, which correct these issues and add these enhancements.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0469"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "CFME: ReportController SQL injection"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "PostgreSQL project"
          ]
        },
        {
          "names": [
            "Heikki Linnakangas",
            "Noah Misch"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2014-2669",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2014-02-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1082154"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact via vectors related to the (1) hstore_recv, (2) hstore_from_arrays, and (3) hstore_from_array functions in contrib/hstore/hstore_io.c; and the (4) hstoreArrayToPairs function in contrib/hstore/hstore_op.c, which triggers a buffer overflow.  NOTE: this issue was SPLIT from CVE-2014-0064 because it has a different set of affected versions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "postgresql: multiple integer overflows in hstore_io.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Not vulnerable. This issue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 5 and 6.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-2669"
        },
        {
          "category": "external",
          "summary": "RHBZ#1082154",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1082154"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-2669",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-2669"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-2669",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2669"
        }
      ],
      "release_date": "2014-02-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-12T18:12:35+00:00",
          "details": "These updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll users of Red Hat CloudForms 3.0 are advised to upgrade to these updated\npackages, which correct these issues and add these enhancements.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0469"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "postgresql: multiple integer overflows in hstore_io.c"
    }
  ]
}

RHSA-2014_0469

Vulnerability from csaf_redhat - Published: 2014-05-12 18:12 - Updated: 2024-11-22 07:41

Summary

Red Hat Security Advisory: cfme security, bug fix, and enhancement update

Severity

Important

Notes

CVE-2013-6417

6.4 ()


                        
                          AV:N/AC:L/Au:N/C:P/I:P/A:N

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected products

Fixed 23 products

Product	Version	Remediation
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src	—	Vendor Fix fix

Threats

Impact Important

CVE-2014-0060

5.5 ()


                        
                          AV:N/AC:L/Au:S/C:N/I:P/A:P

Affected products

Fixed 23 products

Product	Version	Remediation
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2014-0061

6.5 ()


                        
                          AV:N/AC:L/Au:S/C:P/I:P/A:P

Affected products

Fixed 23 products

Product	Version	Remediation
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2014-0062

3.5 ()


                        
                          AV:N/AC:M/Au:S/C:P/I:N/A:N

Affected products

Fixed 23 products

Product	Version	Remediation
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2014-0063

6.5 ()


                        
                          AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-121 - Stack-based Buffer Overflow

Affected products

Fixed 23 products

Product	Version	Remediation
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src	—	Vendor Fix fix

Threats

Impact Important

CVE-2014-0064

6.5 ()


                        
                          AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 23 products

Product	Version	Remediation
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src	—	Vendor Fix fix

Threats

Impact Important

CVE-2014-0065

6.5 ()


                        
                          AV:N/AC:L/Au:S/C:P/I:P/A:P

Affected products

Fixed 23 products

Product	Version	Remediation
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src	—	Vendor Fix fix

Threats

Impact Important

CVE-2014-0066

4.0 ()


                        
                          AV:N/AC:L/Au:S/C:N/I:N/A:P

CWE-476 - NULL Pointer Dereference

Affected products

Fixed 23 products

Product	Version	Remediation
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2014-0078

The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.

4.0 ()


                        
                          AV:N/AC:L/Au:S/C:N/I:N/A:P

CWE-862 - Missing Authorization

Affected products

Fixed 23 products

Product	Version	Remediation
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2014-0137

4.9 ()


                        
                          AV:N/AC:M/Au:S/C:P/I:P/A:N

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected products

Fixed 23 products

Product	Version	Remediation
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src	—	Vendor Fix fix

Threats

Impact Important

CVE-2014-2669

6.5 ()


                        
                          AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 23 products

Product	Version	Remediation
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.src	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src	—	Vendor Fix fix

Threats

Impact Important

References

59 references

URL	Category
https://access.redhat.com/errata/RHSA-2014:0469	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/site/documentation/en-U…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1036409	external
https://bugzilla.redhat.com/show_bug.cgi?id=1064556	external
https://bugzilla.redhat.com/show_bug.cgi?id=1065219	external
https://bugzilla.redhat.com/show_bug.cgi?id=1065220	external
https://bugzilla.redhat.com/show_bug.cgi?id=1065222	external
https://bugzilla.redhat.com/show_bug.cgi?id=1065226	external
https://bugzilla.redhat.com/show_bug.cgi?id=1065230	external
https://bugzilla.redhat.com/show_bug.cgi?id=1065235	external
https://bugzilla.redhat.com/show_bug.cgi?id=1065236	external
https://bugzilla.redhat.com/show_bug.cgi?id=1076688	external
https://bugzilla.redhat.com/show_bug.cgi?id=1082154	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2013-6417	self
https://bugzilla.redhat.com/show_bug.cgi?id=1036409	external
https://www.cve.org/CVERecord?id=CVE-2013-6417	external
https://nvd.nist.gov/vuln/detail/CVE-2013-6417	external
https://access.redhat.com/security/cve/CVE-2014-0060	self
https://bugzilla.redhat.com/show_bug.cgi?id=1065219	external
https://www.cve.org/CVERecord?id=CVE-2014-0060	external
https://nvd.nist.gov/vuln/detail/CVE-2014-0060	external
https://access.redhat.com/security/cve/CVE-2014-0061	self
https://bugzilla.redhat.com/show_bug.cgi?id=1065220	external
https://www.cve.org/CVERecord?id=CVE-2014-0061	external
https://nvd.nist.gov/vuln/detail/CVE-2014-0061	external
https://access.redhat.com/security/cve/CVE-2014-0062	self
https://bugzilla.redhat.com/show_bug.cgi?id=1065222	external
https://www.cve.org/CVERecord?id=CVE-2014-0062	external
https://nvd.nist.gov/vuln/detail/CVE-2014-0062	external
https://access.redhat.com/security/cve/CVE-2014-0063	self
https://bugzilla.redhat.com/show_bug.cgi?id=1065226	external
https://www.cve.org/CVERecord?id=CVE-2014-0063	external
https://nvd.nist.gov/vuln/detail/CVE-2014-0063	external
https://access.redhat.com/security/cve/CVE-2014-0064	self
https://bugzilla.redhat.com/show_bug.cgi?id=1065230	external
https://www.cve.org/CVERecord?id=CVE-2014-0064	external
https://nvd.nist.gov/vuln/detail/CVE-2014-0064	external
https://access.redhat.com/security/cve/CVE-2014-0065	self
https://bugzilla.redhat.com/show_bug.cgi?id=1065235	external
https://www.cve.org/CVERecord?id=CVE-2014-0065	external
https://nvd.nist.gov/vuln/detail/CVE-2014-0065	external
https://access.redhat.com/security/cve/CVE-2014-0066	self
https://bugzilla.redhat.com/show_bug.cgi?id=1065236	external
https://www.cve.org/CVERecord?id=CVE-2014-0066	external
https://nvd.nist.gov/vuln/detail/CVE-2014-0066	external
https://access.redhat.com/security/cve/CVE-2014-0078	self
https://bugzilla.redhat.com/show_bug.cgi?id=1064556	external
https://www.cve.org/CVERecord?id=CVE-2014-0078	external
https://nvd.nist.gov/vuln/detail/CVE-2014-0078	external
https://access.redhat.com/security/cve/CVE-2014-0137	self
https://bugzilla.redhat.com/show_bug.cgi?id=1076688	external
https://www.cve.org/CVERecord?id=CVE-2014-0137	external
https://nvd.nist.gov/vuln/detail/CVE-2014-0137	external
https://access.redhat.com/security/cve/CVE-2014-2669	self
https://bugzilla.redhat.com/show_bug.cgi?id=1082154	external
https://www.cve.org/CVERecord?id=CVE-2014-2669	external
https://nvd.nist.gov/vuln/detail/CVE-2014-2669	external

Acknowledgments

Ruby on Rails project

PostgreSQL project

Noah Misch

Andres Freund

Andres Freund Robert Haas

Heikki Linnakangas Noah Misch

Peter Eisentraut Jozef Mlich

Honza Horak Bruce Momjian

Red Hat Product Security Team Jan Rusnacko

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated cfme packages that fix multiple security issues, several bugs, and\nadd various enhancements are now available for Red Hat CloudForms 3.0.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat CloudForms Management Engine delivers the insight, control, and\nautomation needed to address the challenges of managing virtual\nenvironments.\n\nA flaw was found in the way Ruby on Rails\u0027 actionpack rubygem performed\nJSON parameter parsing. An application using a third party library, which\nuses the Rack::Request interface, or custom Rack middleware could bypass\nthe protection implemented to fix the CVE-2013-0155 vulnerability, causing\nthe application to receive unsafe parameters and become vulnerable to\nCVE-2013-0155. (CVE-2013-6417)\n\nAn input sanitization flaw was found in the saved_report_delete action in\nthe ReportController. An authenticated Management Engine user could use\nthis flaw to perform an SQL injection attack on the Management Engine back\nend database. (CVE-2014-0137)\n\nIt was found that Red Hat CloudForms Management Engine did not properly\ncheck user role permissions for actions associated with catalogs.\nAn authenticated Management Engine user could use this flaw to delete\narbitrary catalogs regardless of the granted permissions. (CVE-2014-0078)\n\nMultiple stack-based buffer overflow flaws were found in the date/time\nimplementation of PostgreSQL. An authenticated database user could provide\na specially crafted date/time value that, when processed, could cause\nPostgreSQL to crash or, potentially, execute arbitrary code with the\npermissions of the user running PostgreSQL. (CVE-2014-0063)\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in various type input functions in PostgreSQL. An authenticated\ndatabase user could possibly use these flaws to crash PostgreSQL or,\npotentially, execute arbitrary code with the permissions of the user\nrunning PostgreSQL. (CVE-2014-0064, CVE-2014-2669)\n\nMultiple potential buffer overflow flaws were found in PostgreSQL.\nAn authenticated database user could possibly use these flaws to crash\nPostgreSQL or, potentially, execute arbitrary code with the permissions of\nthe user running PostgreSQL. (CVE-2014-0065)\n\nIt was found that granting an SQL role to a database user in a PostgreSQL\ndatabase without specifying the \"ADMIN\" option allowed the grantee to\nremove other users from their granted role. An authenticated database user\ncould use this flaw to remove a user from an SQL role which they were\ngranted access to. (CVE-2014-0060)\n\nA flaw was found in the validator functions provided by PostgreSQL\u0027s\nprocedural languages. An authenticated database user could possibly use\nthis flaw to escalate their privileges. (CVE-2014-0061)\n\nA race condition was found in the way PostgreSQL\u0027s CREATE INDEX command\nperformed multiple independent lookups of a table that had to be indexed.\nAn authenticated database user could possibly use this flaw to escalate\ntheir privileges. (CVE-2014-0062)\n\nIt was found that the chkpass extension of PostgreSQL did not check the\nreturn value of the crypt() function. An authenticated database user could\npossibly use this flaw to crash PostgreSQL via a null pointer dereference.\n(CVE-2014-0066)\n\nRed Hat would like to thank the Ruby on Rails project for reporting\nCVE-2013-6417; upstream acknowledges Sudhir Rao as the original reporter\nof this issue.\n\nRed Hat would also like to thank the PostgreSQL project for reporting\nCVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,\nCVE-2014-0065, CVE-2014-0066, and CVE-2014-2669; upstream acknowledges Noah\nMisch, Heikki Linnakangas, Peter Eisentraut, Jozef Mlich, Andres Freund,\nRobert Haas, Honza Horak, and Bruce Momjian as the original reporters of\nthese issues.\n\nThe CVE-2014-0137 and CVE-2014-0078 issues were discovered by Jan Rusnacko\nof the Red Hat Product Security Team.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2014:0469",
        "url": "https://access.redhat.com/errata/RHSA-2014:0469"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/site/documentation/en-US/CloudForms/3.0/html/Management_Engine_5.2_Technical_Notes/index.html",
        "url": "https://access.redhat.com/site/documentation/en-US/CloudForms/3.0/html/Management_Engine_5.2_Technical_Notes/index.html"
      },
      {
        "category": "external",
        "summary": "1036409",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036409"
      },
      {
        "category": "external",
        "summary": "1064556",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064556"
      },
      {
        "category": "external",
        "summary": "1065219",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065219"
      },
      {
        "category": "external",
        "summary": "1065220",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065220"
      },
      {
        "category": "external",
        "summary": "1065222",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065222"
      },
      {
        "category": "external",
        "summary": "1065226",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065226"
      },
      {
        "category": "external",
        "summary": "1065230",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065230"
      },
      {
        "category": "external",
        "summary": "1065235",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065235"
      },
      {
        "category": "external",
        "summary": "1065236",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065236"
      },
      {
        "category": "external",
        "summary": "1076688",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1076688"
      },
      {
        "category": "external",
        "summary": "1082154",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1082154"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0469.json"
      }
    ],
    "title": "Red Hat Security Advisory: cfme security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2024-11-22T07:41:57+00:00",
      "generator": {
        "date": "2024-11-22T07:41:57+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2014:0469",
      "initial_release_date": "2014-05-12T18:12:35+00:00",
      "revision_history": [
        {
          "date": "2014-05-12T18:12:35+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2014-05-12T18:12:35+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T07:41:57+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Management Engine",
                "product": {
                  "name": "Management Engine",
                  "product_id": "6Server-CFME",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat CloudForms"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-contrib@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-plperl@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-libs@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-debuginfo@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-test@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-docs@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-upgrade@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-devel@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-server@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-plpython@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
                "product": {
                  "name": "postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
                  "product_id": "postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql-pltcl@9.2.7-1.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "prince-0:9.0r2-4.el6cf.x86_64",
                "product": {
                  "name": "prince-0:9.0r2-4.el6cf.x86_64",
                  "product_id": "prince-0:9.0r2-4.el6cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/prince@9.0r2-4.el6cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
                "product": {
                  "name": "cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
                  "product_id": "cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme-lib@5.2.3.2-1.el6cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
                "product": {
                  "name": "cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
                  "product_id": "cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme-debuginfo@5.2.3.2-1.el6cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-0:5.2.3.2-1.el6cf.x86_64",
                "product": {
                  "name": "cfme-0:5.2.3.2-1.el6cf.x86_64",
                  "product_id": "cfme-0:5.2.3.2-1.el6cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme@5.2.3.2-1.el6cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
                "product": {
                  "name": "mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
                  "product_id": "mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mingw32-cfme-host@5.2.3.2-1.el6cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
                "product": {
                  "name": "cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
                  "product_id": "cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme-appliance@5.2.3.2-1.el6cf?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "postgresql92-postgresql-0:9.2.7-1.1.el6.src",
                "product": {
                  "name": "postgresql92-postgresql-0:9.2.7-1.1.el6.src",
                  "product_id": "postgresql92-postgresql-0:9.2.7-1.1.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql92-postgresql@9.2.7-1.1.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "prince-0:9.0r2-4.el6cf.src",
                "product": {
                  "name": "prince-0:9.0r2-4.el6cf.src",
                  "product_id": "prince-0:9.0r2-4.el6cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/prince@9.0r2-4.el6cf?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src",
                "product": {
                  "name": "ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src",
                  "product_id": "ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.13-6.el6cf?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-0:5.2.3.2-1.el6cf.src",
                "product": {
                  "name": "cfme-0:5.2.3.2-1.el6cf.src",
                  "product_id": "cfme-0:5.2.3.2-1.el6cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme@5.2.3.2-1.el6cf?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
                "product": {
                  "name": "ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
                  "product_id": "ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.13-6.el6cf?arch=noarch\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-0:5.2.3.2-1.el6cf.src as a component of Management Engine",
          "product_id": "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src"
        },
        "product_reference": "cfme-0:5.2.3.2-1.el6cf.src",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-0:5.2.3.2-1.el6cf.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64"
        },
        "product_reference": "cfme-0:5.2.3.2-1.el6cf.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-appliance-0:5.2.3.2-1.el6cf.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64"
        },
        "product_reference": "cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64"
        },
        "product_reference": "cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-lib-0:5.2.3.2-1.el6cf.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64"
        },
        "product_reference": "cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64"
        },
        "product_reference": "mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-0:9.2.7-1.1.el6.src as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src"
        },
        "product_reference": "postgresql92-postgresql-0:9.2.7-1.1.el6.src",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
        },
        "product_reference": "postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prince-0:9.0r2-4.el6cf.src as a component of Management Engine",
          "product_id": "6Server-CFME:prince-0:9.0r2-4.el6cf.src"
        },
        "product_reference": "prince-0:9.0r2-4.el6cf.src",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prince-0:9.0r2-4.el6cf.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64"
        },
        "product_reference": "prince-0:9.0r2-4.el6cf.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch"
        },
        "product_reference": "ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        },
        "product_reference": "ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src",
        "relates_to_product_reference": "6Server-CFME"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Ruby on Rails project"
          ]
        }
      ],
      "cve": "CVE-2013-6417",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "discovery_date": "2013-12-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1036409"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013- 0155)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-6417"
        },
        {
          "category": "external",
          "summary": "RHBZ#1036409",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036409"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6417",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-6417"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6417",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6417"
        }
      ],
      "release_date": "2013-12-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-12T18:12:35+00:00",
          "details": "These updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll users of Red Hat CloudForms 3.0 are advised to upgrade to these updated\npackages, which correct these issues and add these enhancements.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0469"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013- 0155)"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "PostgreSQL project"
          ]
        },
        {
          "names": [
            "Noah Misch"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2014-0060",
      "discovery_date": "2014-02-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1065219"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0060"
        },
        {
          "category": "external",
          "summary": "RHBZ#1065219",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065219"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0060",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0060"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0060",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0060"
        }
      ],
      "release_date": "2014-02-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-12T18:12:35+00:00",
          "details": "These updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll users of Red Hat CloudForms 3.0 are advised to upgrade to these updated\npackages, which correct these issues and add these enhancements.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0469"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "PostgreSQL project"
          ]
        },
        {
          "names": [
            "Andres Freund"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2014-0061",
      "discovery_date": "2014-02-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1065220"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "postgresql: privilege escalation via procedural language validator functions",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0061"
        },
        {
          "category": "external",
          "summary": "RHBZ#1065220",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065220"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0061",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0061"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0061",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0061"
        }
      ],
      "release_date": "2014-02-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-12T18:12:35+00:00",
          "details": "These updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll users of Red Hat CloudForms 3.0 are advised to upgrade to these updated\npackages, which correct these issues and add these enhancements.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0469"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "postgresql: privilege escalation via procedural language validator functions"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "PostgreSQL project"
          ]
        },
        {
          "names": [
            "Andres Freund",
            "Robert Haas"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2014-0062",
      "discovery_date": "2014-02-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1065222"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "postgresql: CREATE INDEX race condition possibly leading to privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0062"
        },
        {
          "category": "external",
          "summary": "RHBZ#1065222",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065222"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0062",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0062"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0062",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0062"
        }
      ],
      "release_date": "2014-02-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-12T18:12:35+00:00",
          "details": "These updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll users of Red Hat CloudForms 3.0 are advised to upgrade to these updated\npackages, which correct these issues and add these enhancements.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0469"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "postgresql: CREATE INDEX race condition possibly leading to privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "PostgreSQL project"
          ]
        },
        {
          "names": [
            "Noah Misch"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2014-0063",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "discovery_date": "2014-02-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1065226"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "postgresql: stack-based buffer overflow in datetime input/output",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0063"
        },
        {
          "category": "external",
          "summary": "RHBZ#1065226",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065226"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0063",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0063"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0063",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0063"
        }
      ],
      "release_date": "2014-02-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-12T18:12:35+00:00",
          "details": "These updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll users of Red Hat CloudForms 3.0 are advised to upgrade to these updated\npackages, which correct these issues and add these enhancements.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0469"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "postgresql: stack-based buffer overflow in datetime input/output"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "PostgreSQL project"
          ]
        },
        {
          "names": [
            "Heikki Linnakangas",
            "Noah Misch"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2014-0064",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2014-02-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1065230"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow.  NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "postgresql: integer overflows leading to buffer overflows",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0064"
        },
        {
          "category": "external",
          "summary": "RHBZ#1065230",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065230"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0064",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0064"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0064",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0064"
        }
      ],
      "release_date": "2014-02-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-12T18:12:35+00:00",
          "details": "These updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll users of Red Hat CloudForms 3.0 are advised to upgrade to these updated\npackages, which correct these issues and add these enhancements.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0469"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "postgresql: integer overflows leading to buffer overflows"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "PostgreSQL project"
          ]
        },
        {
          "names": [
            "Peter Eisentraut",
            "Jozef Mlich"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2014-0065",
      "discovery_date": "2014-02-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1065235"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "postgresql: possible buffer overflow flaws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0065"
        },
        {
          "category": "external",
          "summary": "RHBZ#1065235",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065235"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0065",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0065"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0065",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0065"
        }
      ],
      "release_date": "2014-02-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-12T18:12:35+00:00",
          "details": "These updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll users of Red Hat CloudForms 3.0 are advised to upgrade to these updated\npackages, which correct these issues and add these enhancements.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0469"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "postgresql: possible buffer overflow flaws"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "PostgreSQL project"
          ]
        },
        {
          "names": [
            "Honza Horak",
            "Bruce Momjian"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2014-0066",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2014-02-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1065236"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "postgresql: NULL pointer dereference",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0066"
        },
        {
          "category": "external",
          "summary": "RHBZ#1065236",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065236"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0066",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0066"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0066",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0066"
        }
      ],
      "release_date": "2014-02-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-12T18:12:35+00:00",
          "details": "These updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll users of Red Hat CloudForms 3.0 are advised to upgrade to these updated\npackages, which correct these issues and add these enhancements.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0469"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "postgresql: NULL pointer dereference"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jan Rusnacko"
          ],
          "organization": "Red Hat Product Security Team",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2014-0078",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "discovery_date": "2014-02-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1064556"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CFME: multiple authorization bypass vulnerabilities in CatalogController",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0078"
        },
        {
          "category": "external",
          "summary": "RHBZ#1064556",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064556"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0078",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0078"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0078",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0078"
        }
      ],
      "release_date": "2014-05-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-12T18:12:35+00:00",
          "details": "These updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll users of Red Hat CloudForms 3.0 are advised to upgrade to these updated\npackages, which correct these issues and add these enhancements.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0469"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "CFME: multiple authorization bypass vulnerabilities in CatalogController"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jan Rusnacko"
          ],
          "organization": "Red Hat Product Security Team",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2014-0137",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "discovery_date": "2014-03-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1076688"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CFME: ReportController SQL injection",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0137"
        },
        {
          "category": "external",
          "summary": "RHBZ#1076688",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1076688"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0137",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0137"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0137",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0137"
        }
      ],
      "release_date": "2014-05-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-12T18:12:35+00:00",
          "details": "These updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll users of Red Hat CloudForms 3.0 are advised to upgrade to these updated\npackages, which correct these issues and add these enhancements.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0469"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "CFME: ReportController SQL injection"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "PostgreSQL project"
          ]
        },
        {
          "names": [
            "Heikki Linnakangas",
            "Noah Misch"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2014-2669",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2014-02-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1082154"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact via vectors related to the (1) hstore_recv, (2) hstore_from_arrays, and (3) hstore_from_array functions in contrib/hstore/hstore_io.c; and the (4) hstoreArrayToPairs function in contrib/hstore/hstore_op.c, which triggers a buffer overflow.  NOTE: this issue was SPLIT from CVE-2014-0064 because it has a different set of affected versions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "postgresql: multiple integer overflows in hstore_io.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Not vulnerable. This issue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 5 and 6.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
          "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
          "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-2669"
        },
        {
          "category": "external",
          "summary": "RHBZ#1082154",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1082154"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-2669",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-2669"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-2669",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2669"
        }
      ],
      "release_date": "2014-02-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-12T18:12:35+00:00",
          "details": "These updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll users of Red Hat CloudForms 3.0 are advised to upgrade to these updated\npackages, which correct these issues and add these enhancements.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0469"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.3.2-1.el6cf.x86_64",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
            "6Server-CFME:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.src",
            "6Server-CFME:prince-0:9.0r2-4.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-6.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "postgresql: multiple integer overflows in hstore_io.c"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-0078 (GCVE-0-2014-0078)

FKIE_CVE-2014-0078

GHSA-FXWQ-PP2X-CH5J

GSD-2014-0078

RHSA-2014:0469

RHSA-2014_0469

Tags

Sightings

Nomenclature