CVSS: 8.5EPSS: 1%CPEs: 47EXPL: 0CVE-2016-5423 – postgresql: CASE/WHEN with inlining can cause untrusted pointer dereference
https://notcve.org/view.php?id=CVE-2016-5423
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types. PostgreSQL en versiones anteriores a 9.1.23, 9.2.x en versiones anteriores a 9.2.18, 9.3.x en versiones anteriores a 9.3.14, 9.4.x en versiones anteriores a 9.4.9 y 9.5.x en versiones anteriores a 9.5.4 permiten a usuarios remotos autenticados provocar una denegación de servicio (referencia a puntero NULL y caída del servidor), obtener información de memoria sensible, o posiblemente ejecutar código arbitrario a través de (1) una expresión CASE dentro de la subexpresión de valor de prueba de otro CASE o (2) el inicio de una función SQL que implementa el operador de igualdad utilizado para una expresión CASE que implica valores de diferentes tipos. A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. • http://rhn.redhat.com/errata/RHSA-2016-1781.html http://rhn.redhat.com/errata/RHSA-2016-1820.html http://rhn.redhat.com/errata/RHSA-2016-1821.html http://rhn.redhat.com/errata/RHSA-2016-2606.html http://www.debian.org/security/2016/dsa-3646 http://www.securityfocus.com/bid/92433 http://www.securitytracker.com/id/1036617 https://access.redhat.com/errata/RHSA-2017:2425 https://bugzilla.redhat.com/show_bug.cgi?id=1364001 https://security.gentoo.org/glsa/201701-33 • CWE-476: NULL Pointer Dereference CWE-822: Untrusted Pointer Dereference •
CVSS: 7.5EPSS: 21%CPEs: 28EXPL: 0CVE-2016-0773 – postgresql: case insensitive range handling integer overflow leading to buffer overflow
https://notcve.org/view.php?id=CVE-2016-0773
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression. PostgreSQL en versiones anteriores a 9.1.20, 9.2.x en versiones anteriores a 9.2.15, 9.3.x en versiones anteriores a 9.3.11, 9.4.x en versiones anteriores a 9.4.6 y 9.5.x en versiones anteriores a 9.5.1 permite a atacantes remotos provocar una denegación de servicio (bucle infinito o desbordamiento de buffer y caída) a través de un amplio rango de caracteres Unicode en una expresión regular. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177820.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177878.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html http://lists.opensuse.org/opensuse-security-announce& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 10EXPL: 0CVE-2016-0766
https://notcve.org/view.php?id=CVE-2016-0766
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors. PostgreSQL en versiones anteriores a 9.1.20, 9.2.x en versiones anteriores a 9.2.15, 9.3.x en versiones anteriores a 9.3.11, 9.4.x en versiones anteriores a 9.4.6 y 9.5.x en versiones anteriores a 9.5.1 no restringe adecuadamente el acceso a ajustes de configuración personalizada no especificados (GUCS) para PL/Java, lo que permite a atacantes obtener privilegios a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html http://www.debian.org/security/2016/dsa-3475 http://www.debian.org/security/2016/dsa-3476 http://www.postgresql.org/about&# • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.4EPSS: 1%CPEs: 7EXPL: 0CVE-2015-5289 – postgresql: stack overflow DoS when parsing json or jsonb inputs
https://notcve.org/view.php?id=CVE-2015-5289
Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values. Múltiple desbordamiento de buffer basado en pila en el análisis gramatical de json en PostgreSQL en versiones anteriores a 9.3.x en versiones anteriores a 9.3.10 y 9.4.x en versiones anteriores a 9.4.5 permite a atacantes provocar una denegación de servicio (caída del servidor) a través de vectores no especificados, los cuales no son manejados adecuadamente en valores (1) json o (2) jsonb. A stack overflow flaw was discovered in the way the PostgreSQL core server processed certain JSON or JSONB input. An authenticated attacker could possibly use this flaw to crash the server backend by sending specially crafted JSON or JSONB input. • http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commit%3Bh=08fa47c4850cea32c3116665975bca219fbf2fe6 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172316.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169094.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00033.html http://www.debian.org/security/2015/dsa-3374 http://www.oracle.com/technetwork/topics/security/linuxbulletino • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-674: Uncontrolled Recursion •
CVSS: 6.4EPSS: 2%CPEs: 49EXPL: 0CVE-2015-5288 – postgresql: limited memory disclosure flaw in crypt()
https://notcve.org/view.php?id=CVE-2015-5288
The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt. La función crypt en contrib/pgcrypto en PostgreSQL en versiones anteriores a 9.0.23, 9.1.x en versiones anteriores a 9.1.19, 9.2.x en versiones anteriores a 9.2.14, 9.3.x en versiones anteriores a 9.3.10 y 9.4.x en versiones anteriores a 9.4.5 permite a atacantes provocar una denegación de servicio (caída del servidor) o leer la memoria del servidor arbitrariamente a través de un salt 'too-short'. A memory leak error was discovered in the crypt() function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172316.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169094.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00033.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00040.html http://www.debian.org/security/2015/dsa-3374 http://www.debian.org/security/2016/dsa-3475 http://www.oracle.com/technetwork/top • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •