CVSS: 6.5EPSS: 7%CPEs: 82EXPL: 2CVE-2010-0733 – PostgreSQL 8.4.1 - JOIN Hashtable Size Integer Overflow Denial of Service
https://notcve.org/view.php?id=CVE-2010-0733
19 Mar 2010 — Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations. Desbordamiento de entero en src/backend/executor/nodeHash.c en PostgreSQL v8.4.1 y anteriores, y v8.5 hasta v8.5alpha2, permite a usuarios autenticados provocar una denegación de servicio (caída de demonio) a través de la ... • https://packetstorm.news/files/id/127092 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 16%CPEs: 6EXPL: 2CVE-2010-0442 – PostgreSQL - 'bitsubstr' Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-0442
02 Feb 2010 — The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow." La función bitsubstr en backend/utils/adt/varbit.c en PostgreSQL v8.0.23, v8.1.11 y v8.3.8 permite a usuarios remot... • https://www.exploit-db.com/exploits/33571 • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 1%CPEs: 87EXPL: 0CVE-2009-3230 – postgresql: SQL privilege escalation, incomplete fix for CVE-2007-6600
https://notcve.org/view.php?id=CVE-2009-3230
17 Sep 2009 — The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600. El componente core server en PostgreSQL desde v8.4 anteriores a v8.4.1, desde v8.3 anteriores a v8.3.8, desde v8.2 anteriores a ... • http://archives.postgresql.org/pgsql-www/2009-09/msg00024.php • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 57EXPL: 1CVE-2007-6067 – postgresql: tempory DoS caused by slow regex NFA cleanup
https://notcve.org/view.php?id=CVE-2007-6067
09 Jan 2008 — Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states. Vulnerabilidad de complejidad algorítmica en el analizador de la expresión regular en TCL en versiones anteriores a 8.4.17, tal como se utiliza en PostgreSQL 8.2 en ... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 1%CPEs: 70EXPL: 0CVE-2007-6600 – PostgreSQL privilege escalation
https://notcve.org/view.php?id=CVE-2007-6600
09 Jan 2008 — PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges. PostgreSQL 8.2 anterior a 8.2.6, 8.1 anterior a 8.1.11, 8.0 anterior a 8.0.15, 7.4 anterior a 7.4.19, y 7.3 anterior a 7.3.21 utiliza ... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 1%CPEs: 57EXPL: 0CVE-2007-4769 – postgresql integer overflow in regex code
https://notcve.org/view.php?id=CVE-2007-4769
09 Jan 2008 — The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number. El analizador de expresiones regulares en TCL versiones anteriores a 8.4.17, como es usado en PostgreSQL versiones 8.2 anteriores a 8.2.6,versiones 8.1 anteriores a 8.1.11, versiones 8.0 anteriores a 8.0.15 y versiones 7.4 anteriores a 7.4.19,... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 1CVE-2007-4772 – postgresql DoS via infinite loop in regex NFA optimization code
https://notcve.org/view.php?id=CVE-2007-4772
09 Jan 2008 — The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression. El intérprete de expresiones regulares en TCL en versiones anteriores a 8.4.17, como se utiliza en PostgreSQL 8.2 en versiones anteriores a 8.2.6, 8.1 en versiones anteriores a 8.1.11, 8.0 en versiones anteriores a 8.0.15 y 7.4 en versiones ante... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2007-6601 – PostgreSQL privilege escalation via dblink
https://notcve.org/view.php?id=CVE-2007-6601
09 Jan 2008 — The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278. El módulo DBLink en PostgreSQL 8.2 anterior a 8.2.6, 8.1 anterior a 8.1.11, 8.0 anterior a 8.0.15, 7.4 anterior a 7.4.19, y 7.3 anterior a 7.3.21, cuando locales de confianza o identidades de ... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2007-3278 – dblink allows proxying of database connections via 127.0.0.1
https://notcve.org/view.php?id=CVE-2007-3278
19 Jun 2007 — PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. PostgreSQL 8.1 y probablemente versiones posteriores, cuando la autenticación de confianza local está habilitada y la librería de enlace a base de datos (Database Link Library (dblink) está instalada, permite a at... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 0CVE-2007-2138 – PostgreSQL security-definer function privilege escalation
https://notcve.org/view.php?id=CVE-2007-2138
24 Apr 2007 — Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings." Vulnerabilidad de búsqueda en ruta no confiable en PostgreSQL anterior a 7.3.19, 7.4.x anterior a 7.4.17, 8.0.x anterior a 8.0.13, 8.1.x anterior a 8.1.9, y 8.2.x anterior a 8.2.4 permite a usua... • http://rhn.redhat.com/errata/RHSA-2007-0336.html • CWE-264: Permissions, Privileges, and Access Controls •