CVSS: 7.8EPSS: 0%CPEs: 59EXPL: 0CVE-2014-0067 – Mandriva Linux Security Advisory 2014-047
https://notcve.org/view.php?id=CVE-2014-0067
21 Feb 2014 — The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster. El comando "make check" para los suites de prueba en PostgreSQL 9.3.3 y anteriores no invoca debidamente initdb para especificar los requisitos de autenticación para un cluster de base de datos utilizado para las pruebas, lo que ... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 57EXPL: 0CVE-2014-0060 – postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members
https://notcve.org/view.php?id=CVE-2014-0060
21 Feb 2014 — PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command. PostgreSQL anterior a 8.4.20, 9.0.x anterior a 9.0.16, 9.1.x anterior a 9.1.12, 9.2.x anterior a 9.2.7 y 9.3.x anterior a 9.3.3 no fuerza debidamente la restricción de ADMIN OPTI... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 57EXPL: 0CVE-2014-0066 – postgresql: NULL pointer dereference
https://notcve.org/view.php?id=CVE-2014-0066
21 Feb 2014 — The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors. La extensión chkpass en PostgreSQL anterior a 8.4.20, 9.0.x anterior a 9.0.16, 9.1.x anterior a 9.1.12, 9.2.x anterior a 9.2.7 y 9.3.x anterior a 9.3.3 no comprueba debidame... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 0%CPEs: 57EXPL: 0CVE-2014-0061 – postgresql: privilege escalation via procedural language validator functions
https://notcve.org/view.php?id=CVE-2014-0061
21 Feb 2014 — The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions. Las funciones de validación para los lenguajes procedurales (PLs) en PostgreSQL anterior a 8.4.20, 9.0.x anterior a 9.0.16, 9.1.x anterior a 9.1.12, 9.2.x ante... • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 130EXPL: 0CVE-2013-4422 – Gentoo Linux Security Advisory 201311-03
https://notcve.org/view.php?id=CVE-2013-4422
23 Oct 2013 — SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message. Vulnerabilidad de inyección SQL en Quassel IRC anterior a la versión 0.9.1, cuando Qt 4.8.5 o posteriores y PostgreSQL 8.2 o posteriores son usados, permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de una \ (barra invertida) en un mensaje. Two vulnerabilities in Quassel may resul... • http://bugs.quassel-irc.org/issues/1244 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 66EXPL: 0CVE-2013-1903 – Apple Security Advisory 2013-09-12-1
https://notcve.org/view.php?id=CVE-2013-1903
04 Apr 2013 — PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to "graphical installers for Linux and Mac OS X," which has unspecified impact and attack vectors. PostgreSQL, probablemente en v9.2.x anterior a v9.2.4, v9.1.x anterior a v9.1.9, v9.0.x anterior a v9.0.13, v8.4.x anterior a v8.4.17, y v8.3.x anterior a v8.3.23 proporciona incorrectamente la contraseña de superusuario a ... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 66EXPL: 0CVE-2013-1902 – Apple Security Advisory 2013-09-12-1
https://notcve.org/view.php?id=CVE-2013-1902
04 Apr 2013 — PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors related to "graphical installers for Linux and Mac OS X." PostgreSQL, v9.2.x anterior a v9.2.4, v9.1.x anterior a v9.1.9, v9.0.x anterior a v9.0.13, v8.4.x anterior a v8.4.17, y v8.3.x anterior a v8.3.23 genera archivos temporales inseguros con nombres predecibles, lo cual tiene un ... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html •
CVSS: 8.8EPSS: 0%CPEs: 48EXPL: 0CVE-2013-1900 – postgresql: Improper randomization of pgcrypto functions (requiring random seed)
https://notcve.org/view.php?id=CVE-2013-1900
04 Apr 2013 — PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions." PostgreSQL v9.2.x anterior a v9.2.4, v9.1.x anterior a v9.1.9, v9.0.x anterior a v9.0.13, y v8.4.x anterior a v8.4.17 cuando se utiliza OpenSSL, genera números insuficiente aleatorios, lo que podría permitir a usuarios rem... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 1%CPEs: 62EXPL: 0CVE-2013-0255 – postgresql: array indexing error in enum_recv()
https://notcve.org/view.php?id=CVE-2013-0255
13 Feb 2013 — PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read. PostgreSQL v9.2.x anteriores a v9.2.3, v9.1.x anteriores ... • http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098586.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0CVE-2012-3489 – postgresql: File disclosure through XXE in xmlparse by DTD validation
https://notcve.org/view.php?id=CVE-2012-3489
03 Oct 2012 — The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue. La función xml_parse en el soporte libxml2 en el componente de servidor cen... • http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html • CWE-611: Improper Restriction of XML External Entity Reference •