CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2007-0555
https://notcve.org/view.php?id=CVE-2007-0555
PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content. PostgreSQL 7.3 anterior a 7.3.13, 7.4 anterior a 7.4.16, 8.0 anterior a 8.0.11, 8.1 anterior a 8.1.7, y 8.2 anterior a 8.2.2 permite a los atacantes desactivar determinadas comprobaciones de los tipos de datos de los argumentos de funciones SQL, lo cual permite a usuarios autenticados remotamente provocar una denegación de servicio (caída del servidor) y posiblemente acceder a contenido de la base de datos. • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://fedoranews.org/cms/node/2554 http://lists.rpath.com/pipermail/security-announce/2007-February/000141.html http://osvdb.org/33087 http://secunia.com/advisories/24028 http://secunia.com/advisories/24033 http://secunia.com/advisories/24042 http://secunia.com/advisories/24050 http://secunia.com/advisories/24057 http://secunia.com/advisories/24094 http://secunia.com/advisories/24151 http://secunia&# •
CVSS: 6.6EPSS: 1%CPEs: 92EXPL: 0CVE-2007-0556
https://notcve.org/view.php?id=CVE-2007-0556
The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server. El planificador de peticiones en PostgreSQL anterior a 8.0.11, 8.1 anterior a 8.1.7, y 8.2 anterior a 8.2.2 no verifica que una tabla sea compatible con un "plan de peticiones realizado previamente", lo cual permite a usuarios autenticados remotamente provocar una denegación de servicio (caída del servidor) y posiblemente acceder a contenido de la base de datos mediante una sentencia SQL "ALTER COLUMN TYPE", lo cual puede ser aprovechado para leer memoria de su elección del servidor. • http://fedoranews.org/cms/node/2554 http://lists.rpath.com/pipermail/security-announce/2007-February/000141.html http://osvdb.org/33302 http://secunia.com/advisories/24028 http://secunia.com/advisories/24033 http://secunia.com/advisories/24042 http://secunia.com/advisories/24050 http://secunia.com/advisories/24057 http://secunia.com/advisories/24151 http://secunia.com/advisories/24315 http://secunia.com/advisories/24513 http://secunia.com/advisories/24577 http://secunia&# •
CVSS: 4.0EPSS: 2%CPEs: 56EXPL: 0CVE-2006-5540
https://notcve.org/view.php?id=CVE-2006-5540
backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization." El fichero backend/parser/analyze.c en PostgreSQL 8.1.x versiones anteriores a 8.1.5 permite a usuarios remotos sin autenticar provocar una denegación de servicio (daemon crash) mediante funciones agregadas concretas en una sentencia UPDATE, que no han sido debidamente tratadas durante una "optimización de índices MIN/MAX." • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://projects.commandprompt.com/public/pgsql/changeset/25504 http://secunia.com/advisories/22562 http://secunia.com/advisories/22584 http://secunia.com/advisories/22606 http://secunia.com/advisories/22636 http://secunia.com/advisories/23048 http://secunia.com/advisories/23132 http://secunia.com/advisories/24094 http://secunia.com/advisories/24284 http://secunia.com/advisories/24577 http://securitytracker.co •
CVSS: 7.5EPSS: 0%CPEs: 40EXPL: 0CVE-2006-2313
https://notcve.org/view.php?id=CVE-2006-2313
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection." • ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc http://archives.postgresql.org/pgsql-announce/2006-05/msg00010.php http://lists.suse.com/archive/suse-security-announce/2006-Jun/0002.html http://secunia.com/advisories/20231 http://secunia.com/advisories/20232 http://secunia.com/advisories/20314 http://secunia.com/advisories/20435 http://secunia.com/advisories/20451 http://secunia.com/advisories/20503 http://secunia.com/advisories/20555 http://secunia.c •
CVSS: 7.5EPSS: 1%CPEs: 40EXPL: 0CVE-2006-2314
https://notcve.org/view.php?id=CVE-2006-2314
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem. • ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc http://archives.postgresql.org/pgsql-announce/2006-05/msg00010.php http://lists.suse.com/archive/suse-security-announce/2006-Jun/0002.html http://secunia.com/advisories/20231 http://secunia.com/advisories/20232 http://secunia.com/advisories/20314 http://secunia.com/advisories/20435 http://secunia.com/advisories/20451 http://secunia.com/advisories/20503 http://secunia.com/advisories/20555 http://secunia.c •