CVSS: 10.0EPSS: 2%CPEs: 57EXPL: 0CVE-2014-0065 – postgresql: possible buffer overflow flaws
https://notcve.org/view.php?id=CVE-2014-0065
21 Feb 2014 — Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063. Múltiples desbordamientos de buffer en PostgreSQL anterior a 8.4.20, 9.0.x anterior a 9.0.16, 9.1.x anterior a 9.1.12, 9.2.x anterior a 9.2.7 y 9.3.x anterior a 9.3.3 permiten a usuarios remotos autenticados tener un impacto y vectores de ataque ... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 57EXPL: 0CVE-2014-0066 – postgresql: NULL pointer dereference
https://notcve.org/view.php?id=CVE-2014-0066
21 Feb 2014 — The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors. La extensión chkpass en PostgreSQL anterior a 8.4.20, 9.0.x anterior a 9.0.16, 9.1.x anterior a 9.1.12, 9.2.x anterior a 9.2.7 y 9.3.x anterior a 9.3.3 no comprueba debidame... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 59EXPL: 0CVE-2014-0067 – Mandriva Linux Security Advisory 2014-047
https://notcve.org/view.php?id=CVE-2014-0067
21 Feb 2014 — The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster. El comando "make check" para los suites de prueba en PostgreSQL 9.3.3 y anteriores no invoca debidamente initdb para especificar los requisitos de autenticación para un cluster de base de datos utilizado para las pruebas, lo que ... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 114EXPL: 0CVE-2010-3433 – PL/Tcl): SECURITY DEFINER function keyword bypass
https://notcve.org/view.php?id=CVE-2010-3433
06 Oct 2010 — The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability tha... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 110EXPL: 0CVE-2010-1975 – postgresql: improper privilege check during certain RESET ALL operations
https://notcve.org/view.php?id=CVE-2010-1975
19 May 2010 — PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement. PostgreSQL v7.4 anterior a v7.4.29, v8.0 anterior a v8.0.25, v8.1 anterior a v8.1.21, v8.2 anterior a v8.2.17, v8.3 anterior a v8.3.11, y v8.4 anterior a v8.4.4 no valida adecuadam... • http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 110EXPL: 0CVE-2010-1169 – PostgreSQL: PL/Perl Intended restriction bypass
https://notcve.org/view.php?id=CVE-2010-1169
19 May 2010 — PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447. Vulnerabilidad en PostgreSQL v7.4 anterior a v7.4.29, v8.0... • http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 110EXPL: 0CVE-2010-1170 – PostgreSQL: PL/Tcl Intended restriction bypass
https://notcve.org/view.php?id=CVE-2010-1170
19 May 2010 — The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script. Vulnerabilidad en la implementación PL/Tcl en PostgreSQL v7.4 ante... • http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 110EXPL: 0CVE-2010-1447 – perl: Safe restriction bypass when reference to subroutine in compartment is called from outside
https://notcve.org/view.php?id=CVE-2010-1447
19 May 2010 — The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution. Vulnerabilidad en PostgreSQL v7.4 anterior a v7.4.29, ... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 8%CPEs: 82EXPL: 2CVE-2010-0733 – PostgreSQL 8.4.1 - JOIN Hashtable Size Integer Overflow Denial of Service
https://notcve.org/view.php?id=CVE-2010-0733
19 Mar 2010 — Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations. Desbordamiento de entero en src/backend/executor/nodeHash.c en PostgreSQL v8.4.1 y anteriores, y v8.5 hasta v8.5alpha2, permite a usuarios autenticados provocar una denegación de servicio (caída de demonio) a través de la ... • https://packetstorm.news/files/id/127092 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 13%CPEs: 6EXPL: 2CVE-2010-0442 – PostgreSQL - 'bitsubstr' Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-0442
02 Feb 2010 — The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow." La función bitsubstr en backend/utils/adt/varbit.c en PostgreSQL v8.0.23, v8.1.11 y v8.3.8 permite a usuarios remot... • https://www.exploit-db.com/exploits/33571 • CWE-189: Numeric Errors •