CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2002-1402
https://notcve.org/view.php?id=CVE-2002-1402
08 Jan 2003 — Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment variables for PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service and possibly execute arbitrary code. Desbordamiento de búfer en las variables de entorno TZ y SET TIME ZONE de PostgreSQL 7.2.1 y anteriores permiten a usuarios locales causar una denegación de servicio y posiblemente ejecutar código arbitrario. • http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php •
CVSS: 9.8EPSS: 2%CPEs: 9EXPL: 0CVE-2002-1400
https://notcve.org/view.php?id=CVE-2002-1400
08 Jan 2003 — Heap-based buffer overflow in the repeat() function for PostgreSQL before 7.2.2 allows attackers to execute arbitrary code by causing repeat() to generate a large string. Desbordamiento basado en el montón (heap) en la función repeat() en PostgreSQL 7.2.2 permite a atacantes ejecutar código arbitrario haciendo que repeat() genere una cadena largo. • http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2002-1657
https://notcve.org/view.php?id=CVE-2002-1657
31 Dec 2002 — PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. • http://archives.postgresql.org/pgsql-admin/2002-08/msg00253.php • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2002-1642
https://notcve.org/view.php?id=CVE-2002-1642
03 Oct 2002 — PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction log (pg_clog) data and cause a denial of service (data loss) via the VACUUM command. • http://archives.postgresql.org/pgsql-announce/2002-10/msg00000.php •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2002-0972
https://notcve.org/view.php?id=CVE-2002-0972
23 Aug 2002 — Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the functions (1) lpad or (2) rpad. Desbordamiento de búfer en PostgreSQL 7.2 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante argumentos largos en las funciones lpad y rpad. • http://marc.info/?l=bugtraq&m=102987608300785&w=2 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0802
https://notcve.org/view.php?id=CVE-2002-0802
12 Aug 2002 — The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks. • http://marc.info/?l=postgresql-general&m=102032794322362 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2000-1199 – PostgreSQL 6.3.2/6.5.3 - Cleartext Passwords
https://notcve.org/view.php?id=CVE-2000-1199
31 Aug 2001 — PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases. • https://www.exploit-db.com/exploits/19875 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-1999-0862
https://notcve.org/view.php?id=CVE-1999-0862
02 Dec 1999 — Insecure directory permissions in RPM distribution for PostgreSQL allows local users to gain privileges by reading a plaintext password file. • https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0862 •