CVSS: 6.6EPSS: 1%CPEs: 92EXPL: 0CVE-2007-0556
https://notcve.org/view.php?id=CVE-2007-0556
The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server. El planificador de peticiones en PostgreSQL anterior a 8.0.11, 8.1 anterior a 8.1.7, y 8.2 anterior a 8.2.2 no verifica que una tabla sea compatible con un "plan de peticiones realizado previamente", lo cual permite a usuarios autenticados remotamente provocar una denegación de servicio (caída del servidor) y posiblemente acceder a contenido de la base de datos mediante una sentencia SQL "ALTER COLUMN TYPE", lo cual puede ser aprovechado para leer memoria de su elección del servidor. • http://fedoranews.org/cms/node/2554 http://lists.rpath.com/pipermail/security-announce/2007-February/000141.html http://osvdb.org/33302 http://secunia.com/advisories/24028 http://secunia.com/advisories/24033 http://secunia.com/advisories/24042 http://secunia.com/advisories/24050 http://secunia.com/advisories/24057 http://secunia.com/advisories/24151 http://secunia.com/advisories/24315 http://secunia.com/advisories/24513 http://secunia.com/advisories/24577 http://secunia&# •
CVSS: 4.0EPSS: 2%CPEs: 56EXPL: 0CVE-2006-5540
https://notcve.org/view.php?id=CVE-2006-5540
backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization." El fichero backend/parser/analyze.c en PostgreSQL 8.1.x versiones anteriores a 8.1.5 permite a usuarios remotos sin autenticar provocar una denegación de servicio (daemon crash) mediante funciones agregadas concretas en una sentencia UPDATE, que no han sido debidamente tratadas durante una "optimización de índices MIN/MAX." • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://projects.commandprompt.com/public/pgsql/changeset/25504 http://secunia.com/advisories/22562 http://secunia.com/advisories/22584 http://secunia.com/advisories/22606 http://secunia.com/advisories/22636 http://secunia.com/advisories/23048 http://secunia.com/advisories/23132 http://secunia.com/advisories/24094 http://secunia.com/advisories/24284 http://secunia.com/advisories/24577 http://securitytracker.co •
CVSS: 10.0EPSS: 1%CPEs: 9EXPL: 0CVE-2002-1399
https://notcve.org/view.php?id=CVE-2002-1399
Unknown vulnerability in cash_out and possibly other functions in PostgreSQL 7.2.1 and earlier, and possibly later versions before 7.2.3, with unknown impact, based on an invalid integer input which is processed as a different data type, as demonstrated using cash_out(2). Vulnerabilidad desconocida en la función cash_out en PostgreSQL 7.2.1 y anteriores, y posiblemente versiones anteriores a 7.2.3, con impacto desconocido, basado en una entrada de enteros inválida. • http://archives.postgresql.org/pgsql-hackers/2002-08/msg00708.php http://archives.postgresql.org/pgsql-hackers/2002-08/msg00713.php http://marc.info/?l=bugtraq&m=102978152712430&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2002-1397
https://notcve.org/view.php?id=CVE-2002-1397
Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow. Desbordamiento de búfer en la función cash_words() en PostgreSQL 7.2 y anteriores permite a usuarios locales causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante un argurmento malformado. • http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/cash.c.diff?r1=1.51&r2=1.52 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524 http://marc.info/?l=bugtraq&m=102977465204357&w=2 http://secunia.com/advisories/8034 http://www.redhat.com/support/errata/RHSA-2003-001.html http://www.securityfocus.com/bid/5497 https://exchange.xforce.ibmcloud.com/vulnerabilities/9891 https://access.redhat.com/security/cve/CVE-2002-1397 https:// •
CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 0CVE-2002-1398
https://notcve.org/view.php?id=CVE-2002-1398
Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows attackers to cause a denial of service and possibly execute arbitrary code via a long date string, aka a vulnerability "in handling long datetime input." Desbordamiento de búfer en el procesador de fechas de PostgreSQL 7.2.2 permite a atacantes causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante una cadena de fecha larga. • http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php http://marc.info/?l=bugtraq&m=102978152712430&w=2 http://marc.info/?l=bugtraq&m=102996089613404&w=2 http://marc.info/?l=bugtraq&m=103021186622725&w=2 http://marc.info/?l=bugtraq&m=103036987114437&w=2 http://marc.info/? •