Page 6 of 42 results (0.011 seconds)

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Múltiples desbordamientos del búfer en contrib/pgcrypto en PostgreSQL versiones anteriores a 9.0.19, versiones 9.1.x anteriores a 9.1.15, versiones 9.2.x anteriores a 9.2.10, versiones 9.3.x anteriores a 9.3.6 y versiones 9.4.x anteriores a 9.4.1, permiten usuarios autenticados remotos causar una denegación de servicio (bloqueo) y posiblemente ejecutar código arbitrario por medio de vectores no especificados. A stack-buffer overflow flaw was found in PostgreSQL's pgcrypto module. An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. • http://www.debian.org/security/2015/dsa-3155 http://www.postgresql.org/about/news/1569 http://www.postgresql.org/docs/9.4/static/release-9-4-1.html http://www.postgresql.org/docs/current/static/release-9-0-19.html http://www.postgresql.org/docs/current/static/release-9-1-15.html http://www.postgresql.org/docs/current/static/release-9-2-10.html http://www.postgresql.org/docs/current/static/release-9-3-6.html https://access.redhat.com/security/cve/CVE-2015& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •

CVSS: 6.5EPSS: 0%CPEs: 37EXPL: 0

Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact via vectors related to the (1) hstore_recv, (2) hstore_from_arrays, and (3) hstore_from_array functions in contrib/hstore/hstore_io.c; and the (4) hstoreArrayToPairs function in contrib/hstore/hstore_op.c, which triggers a buffer overflow. NOTE: this issue was SPLIT from CVE-2014-0064 because it has a different set of affected versions. Múltiples desbordamientos de enteros en contrib/hstore/hstore_io.c en PostgreSQL 9.0.x anterior a 9.0.16, 9.1.x anterior a 9.1.12, 9.2.x anterior a 9.2.7 y 9.3.x anterior a 9.3.3 permiten a usuarios remotos autenticados tener impacto no especificado a través de vectores relacionados con las funciones (1) hstore_recv, (2) hstore_from_arrays y (3) hstore_from_array en contrib/hstore/hstore_io.c; y la función (4) hstoreArrayToPairs en contrib/hstore/hstore_op.c, lo que provoca un desbordamiento de buffer. NOTA: Este problema fue dividido (SPLIT) de CVE-2014-0064 porque tiene un conjunto diferente de versiones afectadas. • http://rhn.redhat.com/errata/RHSA-2014-0221.html http://rhn.redhat.com/errata/RHSA-2014-0469.html http://wiki.postgresql.org/wiki/20140220securityrelease http://www.debian.org/security/2014/dsa-2864 http://www.debian.org/security/2014/dsa-2865 http://www.postgresql.org/about/news/1506 http://www.postgresql.org/support/security https://github.com/postgres/postgres/commit/31400a673325147e1205326008e32135a78b4d8a https://access.redhat.com/security/cve/CVE-2014-2669 https://bugzilla.redhat&# • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVSS: 6.5EPSS: 0%CPEs: 57EXPL: 0

Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063. Múltiples desbordamientos de buffer en PostgreSQL anterior a 8.4.20, 9.0.x anterior a 9.0.16, 9.1.x anterior a 9.1.12, 9.2.x anterior a 9.2.7 y 9.3.x anterior a 9.3.3 permiten a usuarios remotos autenticados tener un impacto y vectores de ataque sin especificar, una vulnerabilidad diferente a CVE-2014-0063. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html http://rhn.redhat.com/errata/RHSA-2014-0211.html http://rhn.redhat.com/errata/RHSA-2014-0221.html http://rhn.redhat.com/errata/RHSA-2014-0249.html http://rhn.redhat.com/errata/RHSA-2014-0469.html http://support.apple • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.6EPSS: 0%CPEs: 59EXPL: 0

The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster. El comando "make check" para los suites de prueba en PostgreSQL 9.3.3 y anteriores no invoca debidamente initdb para especificar los requisitos de autenticación para un cluster de base de datos utilizado para las pruebas, lo que permite a usuarios locales ganar privilegios mediante el aprovechamiento de acceso a este cluster. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html http://wiki.postgresql.org/wiki/20140220securityrelease http://www.debian.org/security/2014/dsa-2864 http://www.debian.org/security/2014/dsa-2865 http://www.postgresql.org/about/news/1506 http://www.securityfocus • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.5EPSS: 0%CPEs: 57EXPL: 0

The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions. Las funciones de validación para los lenguajes procedurales (PLs) en PostgreSQL anterior a 8.4.20, 9.0.x anterior a 9.0.16, 9.1.x anterior a 9.1.12, 9.2.x anterior a 9.2.7 y 9.3.x anterior a 9.3.3 permiten a usuarios remotos autenticados ganar privilegios a través de una función que (1) está definida en otro lenguaje o (2) no está permitida su llamada directa por el usuario debido a permisos. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html http://rhn.redhat.com/errata/RHSA-2014-0211.html http://rhn.redhat.com/errata/RHSA-2014-0221.html http://rhn.redhat.com/errata/RHSA-2014-0249.html http://rhn.redhat.com/errata/RHSA-2014-0469.html http://secunia.com/ • CWE-264: Permissions, Privileges, and Access Controls •