CVSS: 8.8EPSS: 0%CPEs: 87EXPL: 0CVE-2009-3230 – postgresql: SQL privilege escalation, incomplete fix for CVE-2007-6600
https://notcve.org/view.php?id=CVE-2009-3230
17 Sep 2009 — The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600. El componente core server en PostgreSQL desde v8.4 anteriores a v8.4.1, desde v8.3 anteriores a v8.3.8, desde v8.2 anteriores a ... • http://archives.postgresql.org/pgsql-www/2009-09/msg00024.php • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 2%CPEs: 5EXPL: 4CVE-2009-0922 – PostgreSQL 8.3.6 - Conversion Encoding Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-0922
17 Mar 2009 — PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests. PostgreSQL en versiones anteriores a 8.3.7, 8.2.13, 8.1.17, 8.0.21 y 7.4.25 permite a usuarios remotos autenticados provocar una denegación de servicio (consumo de pila y caída) desencadenando ... • https://www.exploit-db.com/exploits/32849 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 3%CPEs: 57EXPL: 1CVE-2007-6067 – postgresql: tempory DoS caused by slow regex NFA cleanup
https://notcve.org/view.php?id=CVE-2007-6067
09 Jan 2008 — Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states. Vulnerabilidad de complejidad algorítmica en el analizador de la expresión regular en TCL en versiones anteriores a 8.4.17, tal como se utiliza en PostgreSQL 8.2 en ... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 0CVE-2007-6601 – PostgreSQL privilege escalation via dblink
https://notcve.org/view.php?id=CVE-2007-6601
09 Jan 2008 — The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278. El módulo DBLink en PostgreSQL 8.2 anterior a 8.2.6, 8.1 anterior a 8.1.11, 8.0 anterior a 8.0.15, 7.4 anterior a 7.4.19, y 7.3 anterior a 7.3.21, cuando locales de confianza o identidades de ... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 2%CPEs: 70EXPL: 0CVE-2007-6600 – PostgreSQL privilege escalation
https://notcve.org/view.php?id=CVE-2007-6600
09 Jan 2008 — PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges. PostgreSQL 8.2 anterior a 8.2.6, 8.1 anterior a 8.1.11, 8.0 anterior a 8.0.15, 7.4 anterior a 7.4.19, y 7.3 anterior a 7.3.21 utiliza ... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 4%CPEs: 57EXPL: 0CVE-2007-4769 – postgresql integer overflow in regex code
https://notcve.org/view.php?id=CVE-2007-4769
09 Jan 2008 — The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number. El analizador de expresiones regulares en TCL versiones anteriores a 8.4.17, como es usado en PostgreSQL versiones 8.2 anteriores a 8.2.6,versiones 8.1 anteriores a 8.1.11, versiones 8.0 anteriores a 8.0.15 y versiones 7.4 anteriores a 7.4.19,... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 2%CPEs: 10EXPL: 1CVE-2007-4772 – postgresql DoS via infinite loop in regex NFA optimization code
https://notcve.org/view.php?id=CVE-2007-4772
09 Jan 2008 — The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression. El intérprete de expresiones regulares en TCL en versiones anteriores a 8.4.17, como se utiliza en PostgreSQL 8.2 en versiones anteriores a 8.2.6, 8.1 en versiones anteriores a 8.1.11, 8.0 en versiones anteriores a 8.0.15 y 7.4 en versiones ante... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2007-3278 – dblink allows proxying of database connections via 127.0.0.1
https://notcve.org/view.php?id=CVE-2007-3278
19 Jun 2007 — PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. PostgreSQL 8.1 y probablemente versiones posteriores, cuando la autenticación de confianza local está habilitada y la librería de enlace a base de datos (Database Link Library (dblink) está instalada, permite a at... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 2%CPEs: 1EXPL: 1CVE-2007-3280
https://notcve.org/view.php?id=CVE-2007-3280
19 Jun 2007 — The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access. La librería de Enlace a Base de Datos (Database Link) (dblink) en PostgreSQL 8.1 implementa funciones mediante sentencias CREATE que mapean a librerías arbitrarias basadas en... • https://github.com/DenuwanJayasekara/CVE-Exploitation-Reports •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2007-3279
https://notcve.org/view.php?id=CVE-2007-3279
19 Jun 2007 — PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection. PostgreSQL y posiblemente versiones posteriores, cuando el lenguaje PL/pgSQL (plpgsql) ha sido creado, otorga determinados privilegios plpgsql al domino PUBLIC, lo cual p... • http://osvdb.org/40900 •