CVSS: 4.0EPSS: 2%CPEs: 5EXPL: 4CVE-2009-0922 – PostgreSQL 8.3.6 - Conversion Encoding Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-0922
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests. PostgreSQL en versiones anteriores a 8.3.7, 8.2.13, 8.1.17, 8.0.21 y 7.4.25 permite a usuarios remotos autenticados provocar una denegación de servicio (consumo de pila y caída) desencadenando un fallo en la conversión de un mensaje de error localizado en el cifrado para un cliente especificado, como se demuestra usando peticiones de conversión de codificación no coincidentes. • https://www.exploit-db.com/exploits/32849 http://archives.postgresql.org//pgsql-bugs/2009-02/msg00176.php http://archives.postgresql.org/pgsql-bugs/2009-02/msg00172.php http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517405 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://marc.info/?l=bugtraq&m=134124585221119&w=2 http://secunia.com/advisories/34453 http://secunia.com/advisories/35100 http://sunsolve.sun.com/search/document.do?assetkey=1-6 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 1%CPEs: 57EXPL: 1CVE-2007-6067 – postgresql: tempory DoS caused by slow regex NFA cleanup
https://notcve.org/view.php?id=CVE-2007-6067
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states. Vulnerabilidad de complejidad algorítmica en el analizador de la expresión regular en TCL en versiones anteriores a 8.4.17, tal como se utiliza en PostgreSQL 8.2 en versiones anteriores a 8.2.6, 8.1 en versiones anteriores a 8.1.11, 8.0 en versiones anteriores a 8.0.15 y 7.4 en versiones anteriores a 7.4.19, permite a usuarios remotos autenticados provocar una denegación de servicio (consumo de memoria) a través de una expresión regular "compleja" manipulada con estados doblemente anidados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html http://rhn.redhat.com/errata/RHSA-2013-0122.html http://secunia.com/advisories/28359 http://secunia.com/advisories/28376 http://secunia.com/advisories/28437 http://secunia.com/advisories/28438 http://secunia.com/advisories/28454 http://secunia.com/advisories/28455 http: • CWE-189: Numeric Errors •
CVSS: 4.0EPSS: 0%CPEs: 10EXPL: 1CVE-2007-4772 – postgresql DoS via infinite loop in regex NFA optimization code
https://notcve.org/view.php?id=CVE-2007-4772
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression. El intérprete de expresiones regulares en TCL en versiones anteriores a 8.4.17, como se utiliza en PostgreSQL 8.2 en versiones anteriores a 8.2.6, 8.1 en versiones anteriores a 8.1.11, 8.0 en versiones anteriores a 8.0.15 y 7.4 en versiones anteriores a 7.4.19, permite a atacantes dependientes del contexto provocar una denegación de servicio (bucle infinito) a través de una expresión regular manipulada. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056 • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.8EPSS: 1%CPEs: 57EXPL: 0CVE-2007-4769 – postgresql integer overflow in regex code
https://notcve.org/view.php?id=CVE-2007-4769
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number. El analizador de expresiones regulares en TCL versiones anteriores a 8.4.17, como es usado en PostgreSQL versiones 8.2 anteriores a 8.2.6,versiones 8.1 anteriores a 8.1.11, versiones 8.0 anteriores a 8.0.15 y versiones 7.4 anteriores a 7.4.19, permite a usuarios autenticados remotos causar una denegación de servicio (bloqueo del backend) por medio de un número backref fuera de límites. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html http://secunia.com/advisories/28359 http://secunia.com/advisories/28376 http://secunia.com/advisories/28437 http://secunia.com/advisories/28438 http://secunia.com/advisories/28454 http://secunia.com/advisories/28455 http://secunia.com/advisories/28464 http://secunia.com/advisories/28477 http://secunia.com/advisories/28479 http:/&#x • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0CVE-2007-6601 – PostgreSQL privilege escalation via dblink
https://notcve.org/view.php?id=CVE-2007-6601
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278. El módulo DBLink en PostgreSQL 8.2 anterior a 8.2.6, 8.1 anterior a 8.1.11, 8.0 anterior a 8.0.15, 7.4 anterior a 7.4.19, y 7.3 anterior a 7.3.21, cuando locales de confianza o identidades de autenticación son utilizadas, permite a atacantes remotos ganar privlegios a través de vectores no especificados. NOTA: este asunto existe a causa de un parche incompleto para CVE-2007-3278. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html http://secunia.com/advisories/28359 http://secunia.com/advisories/28376 http://secunia.com/advisories/28437 http://secunia.com/advisories/28438 http://secunia.com/advisories/28445 http://secunia.com/advisories/28454 http://secunia.com/advisories/28455 http://secunia.com/advisories/28464 http://secunia.com/advisories/28477 http:/&#x • CWE-287: Improper Authentication •