CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0CVE-2015-0243 – postgresql: buffer overflow flaws in contrib/pgcrypto
https://notcve.org/view.php?id=CVE-2015-0243
09 Feb 2015 — Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Múltiples desbordamientos del búfer en contrib/pgcrypto en PostgreSQL versiones anteriores a 9.0.19, versiones 9.1.x anteriores a 9.1.15, versiones 9.2.x anteriores a 9.2.10, versiones 9.3.x anteriores a 9.3.6 y versiones... • http://www.debian.org/security/2015/dsa-3155 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2015-0244 – postgresql: loss of frontend/backend protocol synchronization after an error
https://notcve.org/view.php?id=CVE-2015-0244
09 Feb 2015 — PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation. PostgreSQL versiones anteriores a 9.0.19, v... • http://www.debian.org/security/2015/dsa-3155 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-300: Channel Accessible by Non-Endpoint •