CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2015-3166 – postgresql: unanticipated errors from the standard library
https://notcve.org/view.php?id=CVE-2015-3166
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. La implementación de snprintf en PostgreSQL versiones anteriores a 9.0.20, versiones 9.1.x anteriores a 9.1.16, versiones 9.2.x anteriores a 9.2.11, versiones 9.3.x anteriores a 9.3.7 y versiones 9.4.x anteriores a 9.4.2, no maneja apropiadamente los errores de llamadas al sistema , lo que permite a atacantes obtener información confidencial o tener otro impacto no especificado por medio de vectores desconocidos, como es demostrado por un error fuera de la memoria. It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system was in a state that would cause the standard library functions to fail (for example, memory exhaustion), an authenticated user could possibly exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file. • http://ubuntu.com/usn/usn-2621-1 http://www.debian.org/security/2015/dsa-3269 http://www.debian.org/security/2015/dsa-3270 http://www.postgresql.org/about/news/1587 http://www.postgresql.org/docs/9.0/static/release-9-0-20.html http://www.postgresql.org/docs/9.1/static/release-9-1-16.html http://www.postgresql.org/docs/9.2/static/release-9-2-11.html http://www.postgresql.org/docs/9.3/static/release-9-3-7.html http://www.postgresql.org/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-391: Unchecked Error Condition •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2015-3167 – postgresql: pgcrypto has multiple error messages for decryption with an incorrect key.
https://notcve.org/view.php?id=CVE-2015-3167
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. contrib/pgcrypto en PostgreSQL versiones anteriores a 9.0.20, versiones 9.1.x anteriores a 9.1.16, versiones 9.2.x anteriores a 9.2.11, versiones 9.3.x anteriores a 9.3.7 y versiones 9.4.x anteriores a 9.4.2, utiliza diferentes respuestas de error cuando una clave incorrecta se usada, lo que facilita a atacantes obtener la clave por medio de un ataque de fuerza bruta. It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This could potentially help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known. • http://ubuntu.com/usn/usn-2621-1 http://www.debian.org/security/2015/dsa-3269 http://www.debian.org/security/2015/dsa-3270 http://www.postgresql.org/about/news/1587 http://www.postgresql.org/docs/9.0/static/release-9-0-20.html http://www.postgresql.org/docs/9.1/static/release-9-1-16.html http://www.postgresql.org/docs/9.2/static/release-9-2-11.html http://www.postgresql.org/docs/9.3/static/release-9-3-7.html http://www.postgresql.org/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2015-0242
https://notcve.org/view.php?id=CVE-2015-0242
Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function. Un desbordamiento del búfer en la región stack de la memoria en las implementaciones de la función *printf en PostgreSQL versiones anteriores a 9.0.19, versiones 9.1.x anteriores a 9.1.15, versiones 9.2.x anteriores a 9.2.10, versiones 9.3.x anteriores a 9.3.6 y versiones 9.4.x anteriores a 9.4.1, cuando se ejecuta sobre un sistema Windows, permite a usuarios autenticados remotos causar una denegación de servicio (bloqueo) y posiblemente ejecutar código arbitrario por medio de un número de punto flotante con una gran precisión, como es demostrado por el uso de la función to_char. • http://www.debian.org/security/2015/dsa-3155 http://www.postgresql.org/about/news/1569 http://www.postgresql.org/docs/9.4/static/release-9-4-1.html http://www.postgresql.org/docs/current/static/release-9-0-19.html http://www.postgresql.org/docs/current/static/release-9-1-15.html http://www.postgresql.org/docs/current/static/release-9-2-10.html http://www.postgresql.org/docs/current/static/release-9-3-6.html • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2014-8161 – postgresql: information leak through constraint violation errors
https://notcve.org/view.php?id=CVE-2014-8161
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message. PostgreSQL versiones anteriores a 9.0.19, versiones 9.1.x anteriores a 9.1.15, versiones 9.2.x anteriores a 9.2.10, versiones 9.3.x anteriores a 9.3.6 y versiones 9.4.x anteriores a 9.4.1, permite a usuarios autenticados remotos obtener valores de columna confidenciales mediante la violación de restricciones y luego leer el mensaje de error. An information leak flaw was found in the wathe PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the query was executed. • http://www.debian.org/security/2015/dsa-3155 http://www.postgresql.org/about/news/1569 http://www.postgresql.org/docs/9.4/static/release-9-4-1.html http://www.postgresql.org/docs/current/static/release-9-0-19.html http://www.postgresql.org/docs/current/static/release-9-1-15.html http://www.postgresql.org/docs/current/static/release-9-2-10.html http://www.postgresql.org/docs/current/static/release-9-3-6.html https://access.redhat.com/security/cve/CVE-2014& • CWE-209: Generation of Error Message Containing Sensitive Information CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2015-0241 – postgresql: buffer overflow in the to_char() function
https://notcve.org/view.php?id=CVE-2015-0241
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow. La función to_char en PostgreSQL versiones anteriores a 9.0.19, versiones 9.1.x anteriores a 9.1.15, versiones 9.2.x anteriores a 9.2.10, versiones 9.3.x anteriores a 9.3.6 y versiones 9.4.x anteriores a 9.4.1, permite a usuarios autenticados remotos causar una negación de servicio (bloqueo) o posiblemente ejecutar código arbitrario por medio de un (1) gran número de dígitos cuando se procesa una plantilla de formato numérico, que desencadena una lectura excesiva del búfer, o una (2) plantilla de formato de marca de tiempo, que desencadena un desbordamiento del búfer. A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting. An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user running PostgreSQL. • http://www.debian.org/security/2015/dsa-3155 http://www.postgresql.org/about/news/1569 http://www.postgresql.org/docs/9.4/static/release-9-4-1.html http://www.postgresql.org/docs/current/static/release-9-0-19.html http://www.postgresql.org/docs/current/static/release-9-1-15.html http://www.postgresql.org/docs/current/static/release-9-2-10.html http://www.postgresql.org/docs/current/static/release-9-3-6.html https://access.redhat.com/security/cve/CVE-2015& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •