
292 matches found

CVE
added 2026/02/12 1:0 p.m., 174 views

CVE-2026-2005

CVE-2026-2005 is a heap buffer overflow in PostgreSQL pgcrypto that allows a ciphertext provider to execute code as the DB OS user. Affected: PostgreSQL versions before 18.2, 17.8, 16.12, 15.16, 14.21. Connected advisories confirm this CVE alongside related issues (CVE-2026-2003, -2004, -2006) be...

CVSS 8.8, AI score 6.4, EPSS 0.01208
Exploits: 3, References: 34, Affected Software: 1

CNNVD
added 2026/02/12 12:0 a.m., 9 views

PostgreSQL Security Vulnerability

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Security vulnerabilities existed in versions prior to PostgreSQL...

CVSS 8.8, AI score 6.3, EPSS 0.01208
Exploits: 3, References: 3

PostgreSQL
added 2026/02/12 12:0 a.m., 22 views

Vulnerability in contrib module (CVE-2026-2005)

PostgreSQL pgcrypto heap buffer overflow executes arbitrary code. Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

CVSS 8.8, AI score 6.5, EPSS 0.01208
Exploits: 3, References: 1, Affected Software: 1

FreeBSD
added 2026/02/12 12:0 a.m., 7 views

PostgreSQL -- Multiple vulnerabilities

The PostgreSQL project reports: Improper validation of type oidvector in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Missing...

CVSS 8.8, AI score 6.5, EPSS 0.01208
Exploits: 3, References: 1

Tenable Nessus
added 2026/01/16 12:0 a.m., 5 views

MiracleLinux 4 : postgresql92-postgresql-9.2.14-1.AXS4 (AXSA:2015-566:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-566:02 advisory. PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll nee...

CVSS 6.4, AI score 7.6, EPSS 0.05045
Exploits: 0, References: 3

Positive Technologies
added 2026/01/01 12:0 a.m., 4 views

PT-2026-7845

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 18.2; PostgreSQL versions prior to 17.8; PostgreSQL versions prior to 16.12; PostgreSQL versions prior to 15.16; PostgreSQL versions prior to 14.21. Description: A heap buffer overflow in the pgcrypto component allows a...

CVSS 9, AI score 6.9, EPSS 0.01208
Exploits: 3, References: 210

SUSE CVE
added 2023/02/15 5:39 a.m., 2 views

SUSE CVE-2013-1900

PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."...

CVSS 8.5, AI score 7, EPSS 0.04511
Exploits: 0, References: 8

SUSE CVE
added 2023/02/15 5:23 a.m., 2 views

SUSE CVE-2015-0243

Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors...

CVSS 8.8, AI score 7.9, EPSS 0.05124
Exploits: 0, References: 5

SUSE CVE
added 2023/02/15 5:19 a.m., 3 views

SUSE CVE-2015-3167

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack...

CVSS 7.5, AI score 6.7, EPSS 0.03965
Exploits: 0, References: 8

SUSE CVE
added 2023/02/15 5:16 a.m., 2 views

SUSE CVE-2015-5288

The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service server crash or read arbitrary server memory via a "too-short" salt...

CVSS 6.4, AI score 6.8, EPSS 0.04532
Exploits: 0, References: 9

OpenVAS
added 2021/04/21 12:0 a.m., 21 views

CentOS: Security Advisory for postgresql (CESA-2015:2081)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.4, AI score 8.7, EPSS 0.04532
Exploits: 0, References: 2

Veracode
added 2020/04/10 1:2 a.m., 41 views

Brute-force Attack

postgresql is vulnerable to brute-force attacks. The vulnerability exists as a signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII...

CVSS 5, AI score 3.1, EPSS 0.04972
Exploits: 0, References: 25, Affected Software: 3

Prion
added 2020/01/27 4:15 p.m., 27 views

Buffer overflow

Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors...

CVSS 6.5, AI score 7.9, EPSS 0.05124
Exploits: 0, References: 7, Affected Software: 2

Veracode
added 2019/05/02 5:12 a.m., 28 views

Stack-Based Buffer Overflow

PostgreSQL is vulnerable to a stack-buffer overflow flaw. In PostgreSQL's pgcrypto module, an authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL...

CVSS 8.8, AI score 9.3, EPSS 0.05124
Exploits: 0, References: 9, Affected Software: 2

Veracode
added 2019/05/02 5:12 a.m., 34 views

Buffer Overflow

PostgreSQL is an advanced object-relational database management system DBMS. An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to...

CVSS 9.8, AI score 8.3, EPSS 0.05533
Exploits: 0, References: 9, Affected Software: 2

Veracode
added 2019/05/02 5:12 a.m., 37 views

SQL Injection

PostgreSQL is an advanced object-relational database management system DBMS. An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to...

CVSS 9.8, AI score 8.3, EPSS 0.05533
Exploits: 0, References: 9, Affected Software: 2

Veracode
added 2019/05/02 4:42 a.m., 29 views

Denial Of Service (DoS)

PostgreSQL is an advanced object-relational database management system DBMS. A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed...

CVSS 4.3, AI score 6, EPSS 0.05734
Exploits: 1, References: 14, Affected Software: 2

Veracode
added 2019/01/15 9:8 a.m., 20 views

Denial Of Service (DoS)

postgresql is vulnerable to denial of service. A memory leak error was discovered in the crypt function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory...

CVSS 6.4, AI score 8.1, EPSS 0.04532
Exploits: 0, References: 20, Affected Software: 3

Tenable Nessus
added 2016/02/11 12:0 a.m., 28 views

SUSE SLED11 / SLES11 Security Update : postgresql91 (SUSE-SU-2016:0389-1)

This update of postgresql91 to 9.1.19 fixes the following issues: - CVE-2015-5288: crypt pgCrypto extension could potentially be exploited to read a few additional bytes of memory bsc949669 Also contains all changes and bugfixes in the upstream 9.1.19 release:...

CVSS 6.4, AI score 7, EPSS 0.04532
Exploits: 0, References: 5

OpenVAS
added 2015/12/15 12:0 a.m., 26 views

Amazon Linux: Security Advisory (ALAS-2015-619)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.4, AI score 8.2, EPSS 0.04532
Exploits: 0, References: 2