562 matches found

CNVD
added 2015/05/26 12:00 a.m. · 3 views

PostgreSQL 'snprintf()' Information Disclosure Vulnerability

PostgreSQL is an object-relational database management system that supports an extended subset of SQL standards. In PostgreSQL versions 9.3 and 9.4, the replacement implementation of the function snprintf fails to check for errors reported by the lower-level database, which may result in...

CVSS 9.8 · AI score 7.2 · EPSS 0.04611
Exploits: 0 · References: 1
Debian
added 2015/05/22 3:18 p.m. · 24 views

[SECURITY] [DSA 3270-1] postgresql-9.4 security update

Debian Security Advisory DSA-3270-1 · http://www.debian.org/security/ · Christoph Berg · May 22, 2015 · http://www.debian.org/security/faq -...

CVSS 7.5 · AI score 0.4 · EPSS 0.08565
Exploits: 0
CNVD
added 2015/02/13 12:00 a.m. · 1 views

PostgreSQL 'constraint-violation' information disclosure vulnerability

PostgreSQL is an object-relational database management system that supports an extended subset of SQL standards. The PostgreSQL constraint-violation error message discloses sensitive information and allows attackers to exploit the vulnerability to obtain sensitive information...

CVSS 4.3 · AI score 7.1 · EPSS 0.0251
Exploits: 0 · References: 1
OSV
added 2015/02/06 12:00 a.m. · 4 views

UBUNTU-CVE-2015-0244

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an...

CVSS 9.8 · AI score 7.2 · EPSS 0.04193
Exploits: 0 · References: 3
Packet Storm
added 2014/06/13 12:00 a.m. · 196 views

PostgreSQL 8.4.1 Denial Of Service Integer Overflow

PostgreSQL is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied data before using it in memory-allocation calculations. An attacker can exploit this issue to cause the affected application to crash. Due to the nature of this issue, remote code...

CVSS 3.5 · AI score 0.6 · EPSS 0.06902
Exploits: 2
OSV
added 2014/03/31 2:58 p.m. · 5 views

CVE-2014-0061

The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to b...

AI score 6.2
Exploits: 0 · References: 17
Tenable Nessus
added 2014/02/21 12:00 a.m. · 39 views

Debian DSA-2865-1 : postgresql-9.1 - several vulnerabilities

Various vulnerabilities were discovered in PostgreSQL: CVE-2014-0060, Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch): Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily...

CVSS 6.5 · AI score 7.6 · EPSS 0.06666
Exploits: 7 · References: 20
OSV
added 2013/10/23 4:54 p.m. · 4 views

CVE-2013-4422

SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message...

AI score 8.1
Exploits: 0 · References: 8
Ubuntu
added 2013/02/12 1:14 p.m. · 48 views

USN-1717-1: PostgreSQL vulnerability

Sumit Soni discovered that PostgreSQL incorrectly handled calling a certain internal function with invalid arguments. An authenticated attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service...

CVSS 6.8 · AI score 8.1 · EPSS 0.03592
Exploits: 0
OpenVAS
added 2012/09/17 12:00 a.m. · 27 views

CentOS Update for postgresql84 CESA-2012:1263 centos5

Check for the Version of postgresql84. OpenVAS Vulnerability Test: CentOS Update for postgresql84 CESA-2012:1263 centos5. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify...

CVSS 4.9 · AI score 7 · EPSS 0.03297
Exploits: 2 · References: 2
RedHat Linux
added 2012/06/25 6:05 p.m. · 4 views

postgresql: Ability of database owners to install procedural languages via CREATE LANGUAGE found unsafe (DoS)

PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler...

CVSS 4 · AI score 7.4 · EPSS 0.0293
Exploits: 1 · References: 4
RedHat Linux
added 2012/05/21 2:21 p.m. · 6 views

postgresql: MITM due improper x509_v3 CN validation during certificate verification

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters...

CVSS 4.3 · AI score 7.4 · EPSS 0.02336
Exploits: 1 · References: 4
OSV
added 2011/08/25 2:22 p.m. · 2 views

DEBIAN-CVE-2011-2483

crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...

CVSS 5 · AI score 6.9 · EPSS 0.04972
Exploits: 0 · References: 1
RedHat Linux
added 2010/10/06 10:24 a.m. · 4 views

PL/Tcl): SECURITY DEFINER function keyword bypass

The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allow...

CVSS 6 · AI score 7.7 · EPSS 0.03331
Exploits: 0 · References: 4
OSV
added 2010/05/19 6:30 p.m. · 8 views

CVE-2010-1447

The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended 1...

CVSS 8.5 · AI score 7 · EPSS 0.02797
Exploits: 2 · References: 21
RedHat Linux
added 2010/05/19 4:29 p.m. · 3 views

PostgreSQL: PL/Tcl Intended restriction bypass

The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remo...

CVSS 6 · AI score 7.7 · EPSS 0.02888
Exploits: 1 · References: 4
OpenVAS
added 2010/04/30 12:00 a.m. · 24 views

Ubuntu Update for PostgreSQL vulnerability USN-933-1

Ubuntu Update for Linux kernel vulnerabilities USN-933-1. OpenVAS Vulnerability Test $Id: gbubuntuUSN9331.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for PostgreSQL vulnerability USN-933-1. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH,...

CVSS 6.5 · AI score 6.4 · EPSS 0.13361
Exploits: 2 · References: 2
CVE
added 2009/09/17 10:00 a.m. · 214 views

CVE-2009-3229

CVE-2009-3229 affects PostgreSQL core server components: versions 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 are vulnerable. Remote authenticated users can trigger a denial of service (backend shutdown) by re-loading libraries from a specific plugins directory. Remediation is to ap...

CVSS 4 · AI score 5.4 · EPSS 0.02613
Exploits: 0 · References: 18 · Affected Software: 1
Positive Technologies
added 2009/09/17 12:00 a.m. · 2 views

PT-2009-5547 · Postgresql · Postgresql

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 8.2 through 8.2.14; PostgreSQL versions 8.3 through 8.3.8. Description: The issue allows remote attackers to bypass authentication via an empty password when using LDAP authentication with anonymous binds. If PostgreSQL is...

CVSS 6.8 · AI score 6.8 · EPSS 0.07568
Exploits: 0 · References: 22
RedHat Linux
added 2008/01/11 12:37 p.m. · 3 views

dblink allows proxying of database connections via 127.0.0.1

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library dblink is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1...

CVSS 6.9 · AI score 6.1 · EPSS 0.01257
Exploits: 1 · References: 4