CVE-2022-41862
A flaw was found in PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes...
Security Bulletin: IBM Security Verify Governance is vulnerable to arbitrary code execution, sensitive information exposure and unauthorized access due to PostgreSQL
Summary: IBM Security Verify Governance is vulnerable to arbitrary code execution, sensitive information exposure and unauthorized access due to vulnerabilities in PostgreSQL JAR CVE-2022-26520, CVE-2022-21724, CVE-2020-13692, CVE-2022-31197, 220313. The fix involves upgrading the PostgreSQL JAR t...
SUSE CVE-2004-0547
Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows remote attackers to cause a denial of service (crash)...
SUSE CVE-2004-0977
The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files...
SUSE CVE-2005-0227
PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension...
SUSE CVE-2005-0246
The intagg contrib module for PostgreSQL 8.0.0 and earlier allows attackers to cause a denial of service (crash) via crafted arrays...
SUSE CVE-2005-0245
Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to a heap-based buffer overflow, a different vulnerability than CVE-2005-0247...
SUSE CVE-2005-0244
PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command...
SUSE CVE-2005-0247
Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the...
SUSE CVE-2005-1410
The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other...
SUSE CVE-2005-1409
PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability."...
SUSE CVE-2006-0410
SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings...
SUSE CVE-2006-0553
PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to gain additional privileges via "knowledge of the backend protocol" using a crafted SET ROLE to other database users, a different vulnerability than CVE-2006-0678...
SUSE CVE-2006-0678
PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service (server crash) via a crafted SET SESSION AUTHORIZATION command, a different vulnerability than CVE-2006-0553...
SUSE CVE-2006-2313
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL...
SUSE CVE-2006-2314
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byt...
SUSE CVE-2006-4041
SQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors...
SUSE CVE-2006-5541
backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0.x before 8.0.9, and 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via a coercion of an unknown element to ANYARRAY...
SUSE CVE-2006-5540
backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."...
SUSE CVE-2006-5542
backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) related to duration logging of V3-protocol Execute messages for (1) COMMIT and (2) ROLLBACK SQL statements...