CVSS: 10.0EPSS: 0%CPEs: 57EXPL: 0CVE-2014-0065 – postgresql: possible buffer overflow flaws
https://notcve.org/view.php?id=CVE-2014-0065
21 Feb 2014 — Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063. Múltiples desbordamientos de buffer en PostgreSQL anterior a 8.4.20, 9.0.x anterior a 9.0.16, 9.1.x anterior a 9.1.12, 9.2.x anterior a 9.2.7 y 9.3.x anterior a 9.3.3 permiten a usuarios remotos autenticados tener un impacto y vectores de ataque ... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 59EXPL: 0CVE-2014-0067 – Mandriva Linux Security Advisory 2014-047
https://notcve.org/view.php?id=CVE-2014-0067
21 Feb 2014 — The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster. El comando "make check" para los suites de prueba en PostgreSQL 9.3.3 y anteriores no invoca debidamente initdb para especificar los requisitos de autenticación para un cluster de base de datos utilizado para las pruebas, lo que ... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 2%CPEs: 57EXPL: 0CVE-2014-0064 – postgresql: integer overflows leading to buffer overflows
https://notcve.org/view.php?id=CVE-2014-0064
21 Feb 2014 — Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector. Múltiples desbordamientos de enteros en la función path_in y otras funciones no especificadas en ... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 71%CPEs: 57EXPL: 0CVE-2014-0063 – postgresql: stack-based buffer overflow in datetime input/output
https://notcve.org/view.php?id=CVE-2014-0063
21 Feb 2014 — Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065. Múltiples desbordamientos de buffer basado en pila en PostgreSQL anterior ... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 1%CPEs: 57EXPL: 0CVE-2014-0066 – postgresql: NULL pointer dereference
https://notcve.org/view.php?id=CVE-2014-0066
21 Feb 2014 — The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors. La extensión chkpass en PostgreSQL anterior a 8.4.20, 9.0.x anterior a 9.0.16, 9.1.x anterior a 9.1.12, 9.2.x anterior a 9.2.7 y 9.3.x anterior a 9.3.3 no comprueba debidame... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 0%CPEs: 57EXPL: 0CVE-2014-0060 – postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members
https://notcve.org/view.php?id=CVE-2014-0060
21 Feb 2014 — PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command. PostgreSQL anterior a 8.4.20, 9.0.x anterior a 9.0.16, 9.1.x anterior a 9.1.12, 9.2.x anterior a 9.2.7 y 9.3.x anterior a 9.3.3 no fuerza debidamente la restricción de ADMIN OPTI... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 57EXPL: 0CVE-2014-0062 – postgresql: CREATE INDEX race condition possibly leading to privilege escalation
https://notcve.org/view.php?id=CVE-2014-0062
21 Feb 2014 — Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window. La condición de carrera en los comandos (1) CREATE INDEX y (2) ALTER TABLE no especificado en PostgreSQL anterior a 8.4.20, 9.0.x anter... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: 130EXPL: 0CVE-2013-4422 – Gentoo Linux Security Advisory 201311-03
https://notcve.org/view.php?id=CVE-2013-4422
23 Oct 2013 — SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message. Vulnerabilidad de inyección SQL en Quassel IRC anterior a la versión 0.9.1, cuando Qt 4.8.5 o posteriores y PostgreSQL 8.2 o posteriores son usados, permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de una \ (barra invertida) en un mensaje. Two vulnerabilities in Quassel may resul... • http://bugs.quassel-irc.org/issues/1244 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 48EXPL: 0CVE-2013-1900 – postgresql: Improper randomization of pgcrypto functions (requiring random seed)
https://notcve.org/view.php?id=CVE-2013-1900
04 Apr 2013 — PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions." PostgreSQL v9.2.x anterior a v9.2.4, v9.1.x anterior a v9.1.9, v9.0.x anterior a v9.0.13, y v8.4.x anterior a v8.4.17 cuando se utiliza OpenSSL, genera números insuficiente aleatorios, lo que podría permitir a usuarios rem... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 96%CPEs: 31EXPL: 1CVE-2013-1899 – PostgreSQL Database Name Command Line Flag Injection
https://notcve.org/view.php?id=CVE-2013-1899
04 Apr 2013 — Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen). Vulnerabilidad de inyección de argumentos en PostgreSQL 9.2.x anterior a 9.2.4, 9.1.x anterior a 9.1.9, y 9.0.x anterior a 9.0.13, permite a atacantes... • https://packetstorm.news/files/id/180960 • CWE-94: Improper Control of Generation of Code ('Code Injection') •