Page 7 of 65 results (0.003 seconds)

CVSS: 6.5EPSS: 3%CPEs: 57EXPL: 0

CVE-2014-0064 – postgresql: integer overflows leading to buffer overflows

https://notcve.org/view.php?id=CVE-2014-0064

Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector. Múltiples desbordamientos de enteros en la función path_in y otras funciones no especificadas en PostgreSQL anterior a 8.4.20, 9.0.x anterior a 9.0.16, 9.1.x anterior a 9.1.12, 9.2.x anterior a 9.2.7 y 9.3.x anterior a 9.3.3 permiten a usuarios remotos autenticados tener impacto y vectores de ataque sin especificar, lo que provocan un desbordamiento de buffer. NOTA: este identificador ha sido dividido (SPLIT) debido a diferentes versiones afectadas; utilice CVE-2014-2669 para el vector hstore. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html http://rhn.redhat.com/errata/RHSA-2014-0211.html http://rhn.redhat.com/errata/RHSA-2014-0221.html http://rhn.redhat.com/errata/RHSA-2014-0249.html http://rhn.redhat.com/errata/RHSA-2014-0469.html http://secunia.com/ • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVSS: 6.5EPSS: 0%CPEs: 57EXPL: 0

CVE-2014-0065 – postgresql: possible buffer overflow flaws

https://notcve.org/view.php?id=CVE-2014-0065

Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063. Múltiples desbordamientos de buffer en PostgreSQL anterior a 8.4.20, 9.0.x anterior a 9.0.16, 9.1.x anterior a 9.1.12, 9.2.x anterior a 9.2.7 y 9.3.x anterior a 9.3.3 permiten a usuarios remotos autenticados tener un impacto y vectores de ataque sin especificar, una vulnerabilidad diferente a CVE-2014-0063. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html http://rhn.redhat.com/errata/RHSA-2014-0211.html http://rhn.redhat.com/errata/RHSA-2014-0221.html http://rhn.redhat.com/errata/RHSA-2014-0249.html http://rhn.redhat.com/errata/RHSA-2014-0469.html http://support.apple • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.0EPSS: 4%CPEs: 57EXPL: 0

CVE-2014-0066 – postgresql: NULL pointer dereference

https://notcve.org/view.php?id=CVE-2014-0066

The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors. La extensión chkpass en PostgreSQL anterior a 8.4.20, 9.0.x anterior a 9.0.16, 9.1.x anterior a 9.1.12, 9.2.x anterior a 9.2.7 y 9.3.x anterior a 9.3.3 no comprueba debidamente el valor de vuelta de la función de libraría crypt, lo que permite a usuarios remotos autenticados causar una denegación de servicio (referencia a puntero nulo y caída) a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html http://rhn.redhat.com/errata/RHSA-2014-0211.html http://rhn.redhat.com/errata/RHSA-2014-0221.html http://rhn.redhat.com/errata/RHSA-2014-0249.html http://rhn.redhat.com/errata/RHSA-2014-0469.html http://support.apple • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •

CVSS: 6.0EPSS: 4%CPEs: 114EXPL: 0

CVE-2010-3433 – PL/Tcl): SECURITY DEFINER function keyword bypass

https://notcve.org/view.php?id=CVE-2010-3433

The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447. Las implementaciones PL/perl y PL/Tcl en PostgreSQL v7.4 anterior a v7.4.30, v8.0 anterior a v8.0.26, v8.1 anterior a v8.1.22, v8.2 anterior a v8.2.18, v8.3 anterior a v8.3.12, v8.4 anterior a v8.4.5, and v9.0 anterior a v9.0.1 no protegen adecuadamente la ejecución de secuencias de comandos de una identidad de usuario SQL diferente en la misma sesión, lo que permite a usuarios autenticados remotamente ganar privilegios a través de secuencias de comandos manipuladas en una función SECURITY DEFINER, como se demostró con (1) redefinir funciones estandar o (2) redefinir operadores. Una vulnerabilidad diferente de CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, y CVE-2010-1447. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049591.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049592.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html http://marc.info/?l=bugtraq&m=134124585221119&w=2 http://secunia.com/advisories/42325 http://www.debian.org/security/2010&# • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 8.5EPSS: 0%CPEs: 110EXPL: 0

CVE-2010-1447 – perl: Safe restriction bypass when reference to subroutine in compartment is called from outside

https://notcve.org/view.php?id=CVE-2010-1447

The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution. Vulnerabilidad en PostgreSQL v7.4 anterior a v7.4.29, v8.0 anterior a v8.0.25, v8.1 anterior a v8.1.21, v8.2 anterior a v8.2.17, v8.3 anterior a v8.3.11, v8.4 anterior a v8.4.4, y v9.0 Beta anterior a v9.0 Beta 2, no restringe adecuadamente procedimientos PL/perl, lo que podría permitir a atacantes remotos ejecutar código Perl de su elección a través de una secuencia de comandos manipulada, relacionada con el módulo Safe (también conocido como Safe.pm) para Perl. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://osvdb.org/64756 http://secunia.com/advisories/39845 http://secunia.com/advisories/40049 http://secunia.com/advisories/40052 http://security-tracker.debian.org/tracker/CVE-2010-1447 http://www.debian.org/security/2011/dsa-2267 http://www.mandriva.com/security/advisories?name=MDVSA-2010:115 http://www.mandriva.com/security/advisories?name=MDVSA-2010:116 http://www.openwall.com/lists/oss-security/2010/05/2 • CWE-264: Permissions, Privileges, and Access Controls •