CVSS: 10.0EPSS: 1%CPEs: 110EXPL: 0CVE-2010-1447 – perl: Safe restriction bypass when reference to subroutine in compartment is called from outside
https://notcve.org/view.php?id=CVE-2010-1447
19 May 2010 — The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution. Vulnerabilidad en PostgreSQL v7.4 anterior a v7.4.29, ... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 8%CPEs: 82EXPL: 2CVE-2010-0733 – PostgreSQL 8.4.1 - JOIN Hashtable Size Integer Overflow Denial of Service
https://notcve.org/view.php?id=CVE-2010-0733
19 Mar 2010 — Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations. Desbordamiento de entero en src/backend/executor/nodeHash.c en PostgreSQL v8.4.1 y anteriores, y v8.5 hasta v8.5alpha2, permite a usuarios autenticados provocar una denegación de servicio (caída de demonio) a través de la ... • https://packetstorm.news/files/id/127092 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 13%CPEs: 6EXPL: 2CVE-2010-0442 – PostgreSQL - 'bitsubstr' Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-0442
02 Feb 2010 — The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow." La función bitsubstr en backend/utils/adt/varbit.c en PostgreSQL v8.0.23, v8.1.11 y v8.3.8 permite a usuarios remot... • https://www.exploit-db.com/exploits/33571 • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 1%CPEs: 92EXPL: 0CVE-2009-4136 – postgresql: SQL privilege escalation via modifications to session-local state
https://notcve.org/view.php?id=CVE-2009-4136
15 Dec 2009 — PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230. PostgreSQL v7.4.x anteriore... • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html •
CVSS: 5.9EPSS: 1%CPEs: 92EXPL: 0CVE-2009-4034
https://notcve.org/view.php?id=CVE-2009-4034
15 Dec 2009 — PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restricti... • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html • CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 1%CPEs: 23EXPL: 0CVE-2009-3229 – postgresql: authenticated user server DoS via plugin re-LOAD-ing
https://notcve.org/view.php?id=CVE-2009-3229
17 Sep 2009 — The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by "re-LOAD-ing" libraries from a certain plugins directory. El componente core server de PostgreSQL desde v8.4 anteriores a v8.4.1, desde v8.3 anteriores a v8.3.8, y desde v8.2 anteriores a v8.2.14 permite a usuarios remotos autenticados producir una denegación de servicio (caída del backend) mediante "recarga" de librerías desde... • http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html •
CVSS: 8.8EPSS: 1%CPEs: 87EXPL: 0CVE-2009-3230 – postgresql: SQL privilege escalation, incomplete fix for CVE-2007-6600
https://notcve.org/view.php?id=CVE-2009-3230
17 Sep 2009 — The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600. El componente core server en PostgreSQL desde v8.4 anteriores a v8.4.1, desde v8.3 anteriores a v8.3.8, desde v8.2 anteriores a ... • http://archives.postgresql.org/pgsql-www/2009-09/msg00024.php • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 5%CPEs: 12EXPL: 0CVE-2009-3231 – postgresql: LDAP authentication bypass when anonymous LDAP bind are allowed
https://notcve.org/view.php?id=CVE-2009-3231
17 Sep 2009 — The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password. El componente core server en PostgreSQL desde v8.3 anteriores a v8.3.8 y desde v8.2 anteriores a v8.2.14, cuando se utiliza la autenticación de LDAP con imposiciones anónimas, permite a atacantes remotos evitar la autenticación a través de una contraseña vacía. • http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 8%CPEs: 5EXPL: 4CVE-2009-0922 – PostgreSQL 8.3.6 - Conversion Encoding Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-0922
17 Mar 2009 — PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests. PostgreSQL en versiones anteriores a 8.3.7, 8.2.13, 8.1.17, 8.0.21 y 7.4.25 permite a usuarios remotos autenticados provocar una denegación de servicio (consumo de pila y caída) desencadenando ... • https://www.exploit-db.com/exploits/32849 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 1%CPEs: 70EXPL: 0CVE-2007-6600 – PostgreSQL privilege escalation
https://notcve.org/view.php?id=CVE-2007-6600
09 Jan 2008 — PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges. PostgreSQL 8.2 anterior a 8.2.6, 8.1 anterior a 8.1.11, 8.0 anterior a 8.0.15, 7.4 anterior a 7.4.19, y 7.3 anterior a 7.3.21 utiliza ... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 • CWE-264: Permissions, Privileges, and Access Controls •