CVSS: 6.8EPSS: 0%CPEs: 130EXPL: 0CVE-2013-4422
https://notcve.org/view.php?id=CVE-2013-4422
SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message. Vulnerabilidad de inyección SQL en Quassel IRC anterior a la versión 0.9.1, cuando Qt 4.8.5 o posteriores y PostgreSQL 8.2 o posteriores son usados, permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de una \ (barra invertida) en un mensaje. • http://bugs.quassel-irc.org/issues/1244 http://quassel-irc.org/node/120 http://seclists.org/oss-sec/2013/q4/74 http://secunia.com/advisories/55194 http://secunia.com/advisories/55581 http://security.gentoo.org/glsa/glsa-201311-03.xml http://www.securityfocus.com/bid/62923 https://exchange.xforce.ibmcloud.com/vulnerabilities/87805 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 66EXPL: 0CVE-2013-1902
https://notcve.org/view.php?id=CVE-2013-1902
PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors related to "graphical installers for Linux and Mac OS X." PostgreSQL, v9.2.x anterior a v9.2.4, v9.1.x anterior a v9.1.9, v9.0.x anterior a v9.0.13, v8.4.x anterior a v8.4.17, y v8.3.x anterior a v8.3.23 genera archivos temporales inseguros con nombres predecibles, lo cual tiene un impacto no especificado y vectores de ataque similares a "instaladores gráficos para Linux y Mac OS X." • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.postgresql.org/about/news/1456 http://www.postgresql.org/support/security •
CVSS: 10.0EPSS: 0%CPEs: 66EXPL: 0CVE-2013-1903
https://notcve.org/view.php?id=CVE-2013-1903
PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to "graphical installers for Linux and Mac OS X," which has unspecified impact and attack vectors. PostgreSQL, probablemente en v9.2.x anterior a v9.2.4, v9.1.x anterior a v9.1.9, v9.0.x anterior a v9.0.13, v8.4.x anterior a v8.4.17, y v8.3.x anterior a v8.3.23 proporciona incorrectamente la contraseña de superusuario a los scripts relacionados con "instaladores gráficos para Linux y Mac OS X", que tiene un impacto y vectores de ataque no especificados. • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.postgresql.org/about/news/1456 http://www.postgresql.org/support/security • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 18EXPL: 0CVE-2013-1901
https://notcve.org/view.php?id=CVE-2013-1901
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions. PostgreSQL v9.2.x anterior a v9.2.4, v9.1.x anterior a v9.1.9 no comprueba correctamente los privilegios de "REPLICATION", lo que permite a usuarios remotos autenticados para eludir restricciones de seguridad destinados a la llamada (1) pg_start_backup o las funciones (2) pg_stop_backup. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.5EPSS: 0%CPEs: 48EXPL: 0CVE-2013-1900 – postgresql: Improper randomization of pgcrypto functions (requiring random seed)
https://notcve.org/view.php?id=CVE-2013-1900
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions." PostgreSQL v9.2.x anterior a v9.2.4, v9.1.x anterior a v9.1.9, v9.0.x anterior a v9.0.13, y v8.4.x anterior a v8.4.17 cuando se utiliza OpenSSL, genera números insuficiente aleatorios, lo que podría permitir a usuarios remotos autenticados provocar un impacto no especificado a través de vectores relacionados con las funciones "contrib/pgcrypto". • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2 • CWE-189: Numeric Errors •