CVSS: 9.8EPSS: 4%CPEs: 12EXPL: 0CVE-2015-3166 – postgresql: unanticipated errors from the standard library
https://notcve.org/view.php?id=CVE-2015-3166
22 May 2015 — The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. La implementación de snprintf en PostgreSQL versiones anteriores a 9.0.20, versiones 9.1.x anteriores a 9.1.16, versiones 9.2.x anteriores a 9.2.11, versiones 9.3.x anterior... • http://ubuntu.com/usn/usn-2621-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-391: Unchecked Error Condition •
CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 0CVE-2015-3167 – postgresql: pgcrypto has multiple error messages for decryption with an incorrect key.
https://notcve.org/view.php?id=CVE-2015-3167
22 May 2015 — contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. contrib/pgcrypto en PostgreSQL versiones anteriores a 9.0.20, versiones 9.1.x anteriores a 9.1.16, versiones 9.2.x anteriores a 9.2.11, versiones 9.3.x anteriores a 9.3.7 y versiones 9.4.x anteriores a 9.4.2, utiliza diferentes respuestas ... • http://ubuntu.com/usn/usn-2621-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •