CVSS: 6.8EPSS: 1%CPEs: 12EXPL: 0CVE-2009-3231 – postgresql: LDAP authentication bypass when anonymous LDAP bind are allowed
https://notcve.org/view.php?id=CVE-2009-3231
The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password. El componente core server en PostgreSQL desde v8.3 anteriores a v8.3.8 y desde v8.2 anteriores a v8.2.14, cuando se utiliza la autenticación de LDAP con imposiciones anónimas, permite a atacantes remotos evitar la autenticación a través de una contraseña vacía. • http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://marc.info/?l=bugtraq&m=134124585221119&w=2 http://secunia.com/advisories/36660 http://secunia.com/advisories/36727 http://secunia.com/advisories/36800 http://secunia.com/advisories/36837 http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012 http://www.postgresql.org/docs/8.3/static/release-8-3-8.html http://www.postgr • CWE-287: Improper Authentication •
CVSS: 4.0EPSS: 2%CPEs: 5EXPL: 4CVE-2009-0922 – PostgreSQL 8.3.6 - Conversion Encoding Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-0922
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests. PostgreSQL en versiones anteriores a 8.3.7, 8.2.13, 8.1.17, 8.0.21 y 7.4.25 permite a usuarios remotos autenticados provocar una denegación de servicio (consumo de pila y caída) desencadenando un fallo en la conversión de un mensaje de error localizado en el cifrado para un cliente especificado, como se demuestra usando peticiones de conversión de codificación no coincidentes. • https://www.exploit-db.com/exploits/32849 http://archives.postgresql.org//pgsql-bugs/2009-02/msg00176.php http://archives.postgresql.org/pgsql-bugs/2009-02/msg00172.php http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517405 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://marc.info/?l=bugtraq&m=134124585221119&w=2 http://secunia.com/advisories/34453 http://secunia.com/advisories/35100 http://sunsolve.sun.com/search/document.do?assetkey=1-6 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 70EXPL: 0CVE-2007-6600 – PostgreSQL privilege escalation
https://notcve.org/view.php?id=CVE-2007-6600
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges. PostgreSQL 8.2 anterior a 8.2.6, 8.1 anterior a 8.1.11, 8.0 anterior a 8.0.15, 7.4 anterior a 7.4.19, y 7.3 anterior a 7.3.21 utiliza privilegios de super usuario en lugar de los privilegios del propietario de la tabla para las operaciones (1) VACUUM y (2) ANALYZE en funciones de índice, y soporta (3) SET ROLE y (4) SET SESSION AUTHORIZATION en funciones de índice, lo cual permite a usuarios remotos autenticados obtener privilegios. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html http://secunia.com/advisories/28359 http://secunia.com/advisories/28376 http://secunia.com/advisories/28437 http://secunia.com/advisories/28438 http://secunia.com/advisories/28445 http://secunia.com/advisories/28454 http://secunia.com/advisories/28455 http://secunia.com/advisories/28464 http://secunia.com/advisories/28477 http:/&#x • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0CVE-2007-6601 – PostgreSQL privilege escalation via dblink
https://notcve.org/view.php?id=CVE-2007-6601
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278. El módulo DBLink en PostgreSQL 8.2 anterior a 8.2.6, 8.1 anterior a 8.1.11, 8.0 anterior a 8.0.15, 7.4 anterior a 7.4.19, y 7.3 anterior a 7.3.21, cuando locales de confianza o identidades de autenticación son utilizadas, permite a atacantes remotos ganar privlegios a través de vectores no especificados. NOTA: este asunto existe a causa de un parche incompleto para CVE-2007-3278. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html http://secunia.com/advisories/28359 http://secunia.com/advisories/28376 http://secunia.com/advisories/28437 http://secunia.com/advisories/28438 http://secunia.com/advisories/28445 http://secunia.com/advisories/28454 http://secunia.com/advisories/28455 http://secunia.com/advisories/28464 http://secunia.com/advisories/28477 http:/&#x • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 1%CPEs: 57EXPL: 1CVE-2007-6067 – postgresql: tempory DoS caused by slow regex NFA cleanup
https://notcve.org/view.php?id=CVE-2007-6067
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states. Vulnerabilidad de complejidad algorítmica en el analizador de la expresión regular en TCL en versiones anteriores a 8.4.17, tal como se utiliza en PostgreSQL 8.2 en versiones anteriores a 8.2.6, 8.1 en versiones anteriores a 8.1.11, 8.0 en versiones anteriores a 8.0.15 y 7.4 en versiones anteriores a 7.4.19, permite a usuarios remotos autenticados provocar una denegación de servicio (consumo de memoria) a través de una expresión regular "compleja" manipulada con estados doblemente anidados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html http://rhn.redhat.com/errata/RHSA-2013-0122.html http://secunia.com/advisories/28359 http://secunia.com/advisories/28376 http://secunia.com/advisories/28437 http://secunia.com/advisories/28438 http://secunia.com/advisories/28454 http://secunia.com/advisories/28455 http: • CWE-189: Numeric Errors •