292 matches found
CVE-2026-2005
CVE-2026-2005 is a heap buffer overflow in PostgreSQL pgcrypto that allows a ciphertext provider to execute code as the DB OS user. Affected: PostgreSQL versions before 18.2, 17.8, 16.12, 15.16, 14.21. Connected advisories confirm this CVE alongside related issues (CVE-2026-2003, -2004, -2006) be...
PostgreSQL 安全漏洞
PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Security vulnerabilities existed in versions prior to PostgreSQL...
Vulnerability in contrib module (CVE-2026-2005)
PostgreSQL pgcrypto heap buffer overflow executes arbitrary code Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...
PostgreSQL -- Multiple vulnerabilities
The PostgreSQL project reports: Improper validation of type oidvector in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Missing...
MiracleLinux 4 : postgresql92-postgresql-9.2.14-1.AXS4 (AXSA:2015-566:02)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-566:02 advisory. PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll nee...
PT-2026-7845
Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.2 PostgreSQL versions prior to 17.8 PostgreSQL versions prior to 16.12 PostgreSQL versions prior to 15.16 PostgreSQL versions prior to 14.21 Description A heap buffer overflow in the pgcrypto component allows a...
SUSE CVE-2013-1900
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."...
SUSE CVE-2015-0243
Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors...
SUSE CVE-2015-3167
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack...
SUSE CVE-2015-5288
The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service server crash or read arbitrary server memory via a "too-short" salt...
CentOS: Security Advisory for postgresql (CESA-2015:2081)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Brute-force Attack
postgresql is vulnerable to brute-force attacks. The vulnerability exists as a signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII...
Buffer overflow
Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors...
Stack-Based Buffer Overflow
PostgreSQL is vulnerable to a stack-buffer overflow flaw. In PostgreSQL's pgcrypto module, An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL...
Buffer Overflow
PostgreSQL is an advanced object-relational database management system DBMS. An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to...
SQL Injection
PostgreSQL is an advanced object-relational database management system DBMS. An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to...
Denial Of Service (DoS)
PostgreSQL is an advanced object-relational database management system DBMS. A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed...
Denial Of Service (DoS)
postgresql is vulnerable to denial of service. A memory leak error was discovered in the crypt function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory...
SUSE SLED11 / SLES11 Security Update : postgresql91 (SUSE-SU-2016:0389-1)
This update of postgresql91 to 9.1.19 fixes the following issues : - CVE-2015-5288: crypt pgCrypto extension couldi potentially be exploited to read a few additional bytes of memory bsc949669 Also contains all changes and bugfixes in the upstream 9.1.19 release:...
Amazon Linux: Security Advisory (ALAS-2015-619)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...