CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-3065
https://notcve.org/view.php?id=CVE-2016-3065
11 Apr 2016 — The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted bytea value in a BRIN index page. Las funciones (1) brin_page_type y (2) brin_metapage_info en la extensión pageinspect en PostgreSQL en versiones anteriores a 9.5.x en versiones anteriores a 9.5.2 permite a a... • http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=bf78a6f107949fdfb513d1b45e30cefe04e09e4f • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 0%CPEs: 10EXPL: 0CVE-2016-0766 – Gentoo Linux Security Advisory 201701-33
https://notcve.org/view.php?id=CVE-2016-0766
12 Feb 2016 — PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors. PostgreSQL en versiones anteriores a 9.1.20, 9.2.x en versiones anteriores a 9.2.15, 9.3.x en versiones anteriores a 9.3.11, 9.4.x en versiones anteriores a 9.4.6 y 9.5.x en versiones anteriores a 9.5.1 no restringe adecuadamente el ac... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 20%CPEs: 28EXPL: 0CVE-2016-0773 – postgresql: case insensitive range handling integer overflow leading to buffer overflow
https://notcve.org/view.php?id=CVE-2016-0773
12 Feb 2016 — PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression. PostgreSQL en versiones anteriores a 9.1.20, 9.2.x en versiones anteriores a 9.2.15, 9.3.x en versiones anteriores a 9.3.11, 9.4.x en versiones anteriores a 9.4.6 y 9.5.x en versiones anteriores a 9.5.1 permite a atacantes remotos provocar un... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177820.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 2%CPEs: 49EXPL: 0CVE-2015-5288 – postgresql: limited memory disclosure flaw in crypt()
https://notcve.org/view.php?id=CVE-2015-5288
16 Oct 2015 — The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt. La función crypt en contrib/pgcrypto en PostgreSQL en versiones anteriores a 9.0.23, 9.1.x en versiones anteriores a 9.1.19, 9.2.x en versiones anteriores a 9.2.14, 9.3.x en versiones anteriores a 9.3.10 y 9.4.x en versiones anteriores a 9.4... • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172316.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 2%CPEs: 7EXPL: 0CVE-2015-5289 – postgresql: stack overflow DoS when parsing json or jsonb inputs
https://notcve.org/view.php?id=CVE-2015-5289
16 Oct 2015 — Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values. Múltiple desbordamiento de buffer basado en pila en el análisis gramatical de json en PostgreSQL en versiones anteriores a 9.3.x en versiones anteriores a 9.3.10 y 9.4.x en versiones anteriores a 9.4.5 permite a atacantes provocar una denegación... • http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commit%3Bh=08fa47c4850cea32c3116665975bca219fbf2fe6 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-674: Uncontrolled Recursion •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 0CVE-2015-3166 – postgresql: unanticipated errors from the standard library
https://notcve.org/view.php?id=CVE-2015-3166
22 May 2015 — The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. La implementación de snprintf en PostgreSQL versiones anteriores a 9.0.20, versiones 9.1.x anteriores a 9.1.16, versiones 9.2.x anteriores a 9.2.11, versiones 9.3.x anterior... • http://ubuntu.com/usn/usn-2621-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-391: Unchecked Error Condition •
CVSS: 7.5EPSS: 15%CPEs: 44EXPL: 0CVE-2015-3165 – postgresql: double-free after authentication timeout
https://notcve.org/view.php?id=CVE-2015-3165
22 May 2015 — Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence. Vulnerabilidad de doble liberación en PostgreSQL anterior a 9.0.20, 9.1.x anterior a 9.1.16, 9.2.x anterior a 9.2.11, 9.3.x anterior a 9.3.7, y 9.4.x anterior a 9.4.2 permite a atacantes remoto... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2015-3167 – postgresql: pgcrypto has multiple error messages for decryption with an incorrect key.
https://notcve.org/view.php?id=CVE-2015-3167
22 May 2015 — contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. contrib/pgcrypto en PostgreSQL versiones anteriores a 9.0.20, versiones 9.1.x anteriores a 9.1.16, versiones 9.2.x anteriores a 9.2.11, versiones 9.3.x anteriores a 9.3.7 y versiones 9.4.x anteriores a 9.4.2, utiliza diferentes respuestas ... • http://ubuntu.com/usn/usn-2621-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2015-0242 – Gentoo Linux Security Advisory 201507-20
https://notcve.org/view.php?id=CVE-2015-0242
30 Mar 2015 — Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function. Un desbordamiento del búfer en la región stack de la memoria en las implementaciones de l... • http://www.debian.org/security/2015/dsa-3155 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2014-8161 – postgresql: information leak through constraint violation errors
https://notcve.org/view.php?id=CVE-2014-8161
09 Feb 2015 — PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message. PostgreSQL versiones anteriores a 9.0.19, versiones 9.1.x anteriores a 9.1.15, versiones 9.2.x anteriores a 9.2.10, versiones 9.3.x anteriores a 9.3.6 y versiones 9.4.x anteriores a 9.4.1, permite a usuarios autenticados remotos obtener valores de columna confid... • http://www.debian.org/security/2015/dsa-3155 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-300: Channel Accessible by Non-Endpoint •