CVSS: 10.0EPSS: 12%CPEs: 57EXPL: 0CVE-2014-0064 – postgresql: integer overflows leading to buffer overflows
https://notcve.org/view.php?id=CVE-2014-0064
21 Feb 2014 — Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector. Múltiples desbordamientos de enteros en la función path_in y otras funciones no especificadas en ... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 6%CPEs: 57EXPL: 0CVE-2014-0065 – postgresql: possible buffer overflow flaws
https://notcve.org/view.php?id=CVE-2014-0065
21 Feb 2014 — Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063. Múltiples desbordamientos de buffer en PostgreSQL anterior a 8.4.20, 9.0.x anterior a 9.0.16, 9.1.x anterior a 9.1.12, 9.2.x anterior a 9.2.7 y 9.3.x anterior a 9.3.3 permiten a usuarios remotos autenticados tener un impacto y vectores de ataque ... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 57EXPL: 0CVE-2014-0066 – postgresql: NULL pointer dereference
https://notcve.org/view.php?id=CVE-2014-0066
21 Feb 2014 — The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors. La extensión chkpass en PostgreSQL anterior a 8.4.20, 9.0.x anterior a 9.0.16, 9.1.x anterior a 9.1.12, 9.2.x anterior a 9.2.7 y 9.3.x anterior a 9.3.3 no comprueba debidame... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 130EXPL: 0CVE-2013-4422 – Gentoo Linux Security Advisory 201311-03
https://notcve.org/view.php?id=CVE-2013-4422
23 Oct 2013 — SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message. Vulnerabilidad de inyección SQL en Quassel IRC anterior a la versión 0.9.1, cuando Qt 4.8.5 o posteriores y PostgreSQL 8.2 o posteriores son usados, permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de una \ (barra invertida) en un mensaje. Two vulnerabilities in Quassel may resul... • http://bugs.quassel-irc.org/issues/1244 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 6%CPEs: 6EXPL: 0CVE-2011-2483 – crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash
https://notcve.org/view.php?id=CVE-2011-2483
25 Aug 2011 — crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. crypt_blowfish en versiones anteriores a 1.1, como se utiliza en PHP en versiones anteriores a 5.3.7 en ciertas plataformas, PostgreSQL en versiones anteriores a 8.4.9 y otros productos, no maneja adecuadamente cara... • http://freshmeat.net/projects/crypt_blowfish • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 4%CPEs: 44EXPL: 0CVE-2010-4015 – PostgreSQL: Stack-based buffer overflow by processing certain tokens from SQL query string when intarray module enabled
https://notcve.org/view.php?id=CVE-2010-4015
02 Feb 2011 — Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions. Desbordamiento de búfer en la función gettoken en contrib/intarray/_int_bool.c en el módulo de matriz intArray de PostgreSQL v9.0.x ant... • http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commitdiff%3Bh=7ccb6dc2d3e266a551827bb99179708580f72431 • CWE-121: Stack-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 1%CPEs: 114EXPL: 0CVE-2010-3433 – PL/Tcl): SECURITY DEFINER function keyword bypass
https://notcve.org/view.php?id=CVE-2010-3433
06 Oct 2010 — The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability tha... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 110EXPL: 0CVE-2010-1447 – perl: Safe restriction bypass when reference to subroutine in compartment is called from outside
https://notcve.org/view.php?id=CVE-2010-1447
19 May 2010 — The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution. Vulnerabilidad en PostgreSQL v7.4 anterior a v7.4.29, ... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 110EXPL: 0CVE-2010-1169 – PostgreSQL: PL/Perl Intended restriction bypass
https://notcve.org/view.php?id=CVE-2010-1169
19 May 2010 — PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447. Vulnerabilidad en PostgreSQL v7.4 anterior a v7.4.29, v8.0... • http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 110EXPL: 0CVE-2010-1170 – PostgreSQL: PL/Tcl Intended restriction bypass
https://notcve.org/view.php?id=CVE-2010-1170
19 May 2010 — The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script. Vulnerabilidad en la implementación PL/Tcl en PostgreSQL v7.4 ante... • http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html • CWE-264: Permissions, Privileges, and Access Controls •