CVE-2006-5541
https://notcve.org/view.php?id=CVE-2006-5541
backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0.x before 8.0.9, and 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via a coercion of an unknown element to ANYARRAY. El fichero backend/parser/parse_coerce.c en PostgreSQL versiones 7.4.1 hasta 7.4.14, 8.0.x anteriores a 8.0.9, y 8.1.x anteriores a 8.1.5 permite a usuarios remotos autenticados, provocar una denegación de servicio (daemon crash) mediante una coacción de un elemento desconocido a ANYARRAY. • http://projects.commandprompt.com/public/pgsql/changeset/26457 http://secunia.com/advisories/22562 http://secunia.com/advisories/22584 http://secunia.com/advisories/22606 http://secunia.com/advisories/22636 http://secunia.com/advisories/23048 http://secunia.com/advisories/23132 http://secunia.com/advisories/24577 http://securitytracker.com/id?1017115 http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm http://support.novell.com/techcenter/psdb/59650c03a8bc5ae310cd7898bd106ad2.html http •
CVE-2006-2313
https://notcve.org/view.php?id=CVE-2006-2313
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection." • ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc http://archives.postgresql.org/pgsql-announce/2006-05/msg00010.php http://lists.suse.com/archive/suse-security-announce/2006-Jun/0002.html http://secunia.com/advisories/20231 http://secunia.com/advisories/20232 http://secunia.com/advisories/20314 http://secunia.com/advisories/20435 http://secunia.com/advisories/20451 http://secunia.com/advisories/20503 http://secunia.com/advisories/20555 http://secunia.c •
CVE-2006-2314
https://notcve.org/view.php?id=CVE-2006-2314
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem. • ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc http://archives.postgresql.org/pgsql-announce/2006-05/msg00010.php http://lists.suse.com/archive/suse-security-announce/2006-Jun/0002.html http://secunia.com/advisories/20231 http://secunia.com/advisories/20232 http://secunia.com/advisories/20314 http://secunia.com/advisories/20435 http://secunia.com/advisories/20451 http://secunia.com/advisories/20503 http://secunia.com/advisories/20555 http://secunia.c •
CVE-2006-0678
https://notcve.org/view.php?id=CVE-2006-0678
PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service (server crash) via a crafted SET SESSION AUTHORIZATION command, a different vulnerability than CVE-2006-0553. • http://secunia.com/advisories/18890 http://secunia.com/advisories/19015 http://secunia.com/advisories/19035 http://securityreason.com/securityalert/498 http://www.openpkg.org/security/OpenPKG-SA-2006.004-postgresql.html http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-3 http://www.securityfocus.com/archive/1/425037/100/0/threaded http://www.securityfocus.com/bid/16650 http://www.trustix.org/errata/2006/0008 http://www.ubuntu.com/usn/usn-258-1 http •
CVE-2006-0105
https://notcve.org/view.php?id=CVE-2006-0105
PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on Windows, allows remote attackers to cause a denial of service (postmaster exit and no new connections) via a large number of simultaneous connection requests. • http://archives.postgresql.org/pgsql-announce/2006-01/msg00001.php http://secunia.com/advisories/18419 http://securityreason.com/securityalert/327 http://securitytracker.com/id?1015482 http://www.postgresql.org/about/news.456 http://www.securityfocus.com/archive/1/421592/100/0/threaded http://www.securityfocus.com/bid/16201 http://www.vupen.com/english/advisories/2006/0114 https://exchange.xforce.ibmcloud.com/vulnerabilities/24049 •