Page 7 of 54 results (0.009 seconds)

CVSS: 6.5EPSS: 3%CPEs: 57EXPL: 0

CVE-2014-0064 – postgresql: integer overflows leading to buffer overflows

https://notcve.org/view.php?id=CVE-2014-0064

Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector. Múltiples desbordamientos de enteros en la función path_in y otras funciones no especificadas en PostgreSQL anterior a 8.4.20, 9.0.x anterior a 9.0.16, 9.1.x anterior a 9.1.12, 9.2.x anterior a 9.2.7 y 9.3.x anterior a 9.3.3 permiten a usuarios remotos autenticados tener impacto y vectores de ataque sin especificar, lo que provocan un desbordamiento de buffer. NOTA: este identificador ha sido dividido (SPLIT) debido a diferentes versiones afectadas; utilice CVE-2014-2669 para el vector hstore. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html http://rhn.redhat.com/errata/RHSA-2014-0211.html http://rhn.redhat.com/errata/RHSA-2014-0221.html http://rhn.redhat.com/errata/RHSA-2014-0249.html http://rhn.redhat.com/errata/RHSA-2014-0469.html http://secunia.com/ • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVSS: 6.5EPSS: 0%CPEs: 57EXPL: 0

CVE-2014-0065 – postgresql: possible buffer overflow flaws

https://notcve.org/view.php?id=CVE-2014-0065

Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063. Múltiples desbordamientos de buffer en PostgreSQL anterior a 8.4.20, 9.0.x anterior a 9.0.16, 9.1.x anterior a 9.1.12, 9.2.x anterior a 9.2.7 y 9.3.x anterior a 9.3.3 permiten a usuarios remotos autenticados tener un impacto y vectores de ataque sin especificar, una vulnerabilidad diferente a CVE-2014-0063. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html http://rhn.redhat.com/errata/RHSA-2014-0211.html http://rhn.redhat.com/errata/RHSA-2014-0221.html http://rhn.redhat.com/errata/RHSA-2014-0249.html http://rhn.redhat.com/errata/RHSA-2014-0469.html http://support.apple • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.0EPSS: 4%CPEs: 57EXPL: 0

CVE-2014-0066 – postgresql: NULL pointer dereference

https://notcve.org/view.php?id=CVE-2014-0066

The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors. La extensión chkpass en PostgreSQL anterior a 8.4.20, 9.0.x anterior a 9.0.16, 9.1.x anterior a 9.1.12, 9.2.x anterior a 9.2.7 y 9.3.x anterior a 9.3.3 no comprueba debidamente el valor de vuelta de la función de libraría crypt, lo que permite a usuarios remotos autenticados causar una denegación de servicio (referencia a puntero nulo y caída) a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html http://rhn.redhat.com/errata/RHSA-2014-0211.html http://rhn.redhat.com/errata/RHSA-2014-0221.html http://rhn.redhat.com/errata/RHSA-2014-0249.html http://rhn.redhat.com/errata/RHSA-2014-0469.html http://support.apple • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •

CVSS: 3.5EPSS: 4%CPEs: 82EXPL: 1

CVE-2010-0733 – PostgreSQL 8.4.1 - JOIN Hashtable Size Integer Overflow Denial of Service

https://notcve.org/view.php?id=CVE-2010-0733

Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations. Desbordamiento de entero en src/backend/executor/nodeHash.c en PostgreSQL v8.4.1 y anteriores, y v8.5 hasta v8.5alpha2, permite a usuarios autenticados provocar una denegación de servicio (caída de demonio) a través de la declaración SELECT con muchas claúsulas LEFT JOIN, relacionados con ciertos cálculos del tamaño de tabla hash. PostgreSQL versions 8.4.1 suffer from a JOIN hashtable size integer overflow denial of service vulnerability. • https://www.exploit-db.com/exploits/33729 http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php http://archives.postgresql.org/pgsql-bugs/2009-10/msg00287.php http://archives.postgresql.org/pgsql-bugs/2009-10/msg00289.php http://archives.postgresql.org/pgsql-bugs/2009-10/msg00310.php http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=64b057e6823655fb6c5d1f24a28f236b94dd6c54 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://secunia.com/advisories/ • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVSS: 6.5EPSS: 0%CPEs: 70EXPL: 0

CVE-2007-6600 – PostgreSQL privilege escalation

https://notcve.org/view.php?id=CVE-2007-6600

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges. PostgreSQL 8.2 anterior a 8.2.6, 8.1 anterior a 8.1.11, 8.0 anterior a 8.0.15, 7.4 anterior a 7.4.19, y 7.3 anterior a 7.3.21 utiliza privilegios de super usuario en lugar de los privilegios del propietario de la tabla para las operaciones (1) VACUUM y (2) ANALYZE en funciones de índice, y soporta (3) SET ROLE y (4) SET SESSION AUTHORIZATION en funciones de índice, lo cual permite a usuarios remotos autenticados obtener privilegios. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html http://secunia.com/advisories/28359 http://secunia.com/advisories/28376 http://secunia.com/advisories/28437 http://secunia.com/advisories/28438 http://secunia.com/advisories/28445 http://secunia.com/advisories/28454 http://secunia.com/advisories/28455 http://secunia.com/advisories/28464 http://secunia.com/advisories/28477 http:/&#x • CWE-264: Permissions, Privileges, and Access Controls •