CVSS: 8.8EPSS: 0%CPEs: 110EXPL: 0CVE-2010-1169 – PostgreSQL: PL/Perl Intended restriction bypass
https://notcve.org/view.php?id=CVE-2010-1169
19 May 2010 — PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447. Vulnerabilidad en PostgreSQL v7.4 anterior a v7.4.29, v8.0... • http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 110EXPL: 0CVE-2010-1447 – perl: Safe restriction bypass when reference to subroutine in compartment is called from outside
https://notcve.org/view.php?id=CVE-2010-1447
19 May 2010 — The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution. Vulnerabilidad en PostgreSQL v7.4 anterior a v7.4.29, ... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 110EXPL: 0CVE-2010-1975 – postgresql: improper privilege check during certain RESET ALL operations
https://notcve.org/view.php?id=CVE-2010-1975
19 May 2010 — PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement. PostgreSQL v7.4 anterior a v7.4.29, v8.0 anterior a v8.0.25, v8.1 anterior a v8.1.21, v8.2 anterior a v8.2.17, v8.3 anterior a v8.3.11, y v8.4 anterior a v8.4.4 no valida adecuadam... • http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 5%CPEs: 82EXPL: 2CVE-2010-0733 – PostgreSQL 8.4.1 - JOIN Hashtable Size Integer Overflow Denial of Service
https://notcve.org/view.php?id=CVE-2010-0733
19 Mar 2010 — Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations. Desbordamiento de entero en src/backend/executor/nodeHash.c en PostgreSQL v8.4.1 y anteriores, y v8.5 hasta v8.5alpha2, permite a usuarios autenticados provocar una denegación de servicio (caída de demonio) a través de la ... • https://packetstorm.news/files/id/127092 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •