CVSS: 6.0EPSS: 0%CPEs: 110EXPL: 0CVE-2010-1170 – PostgreSQL: PL/Tcl Intended restriction bypass
https://notcve.org/view.php?id=CVE-2010-1170
The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script. Vulnerabilidad en la implementación PL/Tcl en PostgreSQL v7.4 anterior a v7.4.29, v8.0 anterior a v8.0.25, v8.1 anterior a v8.1.21, v8.2 anterior a v8.2.17, v8.3 anterior a v8.3.11, v8.4 anterior a v8.4.4 y v9.0 Beta anterior a v9.0 Beta 2, carga código Tcl desde la tabla pltcl_modules sin importar el propietario y los permisos de la tabla, permite a usuarios autenticados remotamente, con privilegios "database-creation", ejecutar código Tcl de su elección mediante la creación de esta tabla e insertando código Tcl manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://marc.info/?l=bugtraq&m=134124585221119&w=2 http://osvdb.org/64757 http://secunia.com/advisories/39815 http://secunia.com/advisories/39820 http://secunia.com/advisories/39845 ht • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.5EPSS: 0%CPEs: 110EXPL: 0CVE-2010-1447 – perl: Safe restriction bypass when reference to subroutine in compartment is called from outside
https://notcve.org/view.php?id=CVE-2010-1447
The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution. Vulnerabilidad en PostgreSQL v7.4 anterior a v7.4.29, v8.0 anterior a v8.0.25, v8.1 anterior a v8.1.21, v8.2 anterior a v8.2.17, v8.3 anterior a v8.3.11, v8.4 anterior a v8.4.4, y v9.0 Beta anterior a v9.0 Beta 2, no restringe adecuadamente procedimientos PL/perl, lo que podría permitir a atacantes remotos ejecutar código Perl de su elección a través de una secuencia de comandos manipulada, relacionada con el módulo Safe (también conocido como Safe.pm) para Perl. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://osvdb.org/64756 http://secunia.com/advisories/39845 http://secunia.com/advisories/40049 http://secunia.com/advisories/40052 http://security-tracker.debian.org/tracker/CVE-2010-1447 http://www.debian.org/security/2011/dsa-2267 http://www.mandriva.com/security/advisories?name=MDVSA-2010:115 http://www.mandriva.com/security/advisories?name=MDVSA-2010:116 http://www.openwall.com/lists/oss-security/2010/05/2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 110EXPL: 0CVE-2010-1975 – postgresql: improper privilege check during certain RESET ALL operations
https://notcve.org/view.php?id=CVE-2010-1975
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement. PostgreSQL v7.4 anterior a v7.4.29, v8.0 anterior a v8.0.25, v8.1 anterior a v8.1.21, v8.2 anterior a v8.2.17, v8.3 anterior a v8.3.11, y v8.4 anterior a v8.4.4 no valida adecuadamente los privilegios durante ciertas operaciones RESET ALL, lo cual permite a usuarios remotos autenticados borrar parametros de configuración a su elección a través de las instrucciónes (1) ALTER USER o (2) ALTER DATABASE. • http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://marc.info/?l=bugtraq&m=134124585221119&w=2 http://secunia.com/advisories/39939 http://www.debian.org/security/2010/dsa-2051 http://www.mandriva.com/security/advisories?name=MDVSA-2010:103 http://www.postgresql.org/docs/current/static/release-7-4-29.html http://www.postgresql.org/docs/current/static/release-8-0-25.html http://www.postgresql.org/docs/current/static/release-8-1-21.html http: • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.5EPSS: 4%CPEs: 82EXPL: 1CVE-2010-0733 – PostgreSQL 8.4.1 - JOIN Hashtable Size Integer Overflow Denial of Service
https://notcve.org/view.php?id=CVE-2010-0733
Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations. Desbordamiento de entero en src/backend/executor/nodeHash.c en PostgreSQL v8.4.1 y anteriores, y v8.5 hasta v8.5alpha2, permite a usuarios autenticados provocar una denegación de servicio (caída de demonio) a través de la declaración SELECT con muchas claúsulas LEFT JOIN, relacionados con ciertos cálculos del tamaño de tabla hash. PostgreSQL versions 8.4.1 suffer from a JOIN hashtable size integer overflow denial of service vulnerability. • https://www.exploit-db.com/exploits/33729 http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php http://archives.postgresql.org/pgsql-bugs/2009-10/msg00287.php http://archives.postgresql.org/pgsql-bugs/2009-10/msg00289.php http://archives.postgresql.org/pgsql-bugs/2009-10/msg00310.php http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=64b057e6823655fb6c5d1f24a28f236b94dd6c54 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://secunia.com/advisories/ • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 95%CPEs: 6EXPL: 2CVE-2010-0442 – PostgreSQL - 'bitsubstr' Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-0442
The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow." La función bitsubstr en backend/utils/adt/varbit.c en PostgreSQL v8.0.23, v8.1.11 y v8.3.8 permite a usuarios remotos autenticados causar una denegación de servicio (cuelgue del demonio) o tener otro impacto no especificado a través de vectores que implican un entero negativo en el tercer argumento, como lo demuestra una instrucción SELECT que contiene una llamada a la función substring de una cadena de bits, relacionado con un desbordamiento. • https://www.exploit-db.com/exploits/33571 http://archives.postgresql.org/pgsql-committers/2010-01/msg00125.php http://archives.postgresql.org/pgsql-hackers/2010-01/msg00634.php http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058 http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=75dea10196c31d98d98c0bafeeb576ae99c09b12 http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=b15087cb39ca9e4bde3c8920fcee3741045d2b83 http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html http • CWE-189: Numeric Errors •