CVE-2002-1642
PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction log (pg_clog) data and cause a denial of service (data loss) via the VACUUM command...
CVE-2002-1642
This CVE affects PostgreSQL 7.2.1 and 7.2.2. The vulnerability arises in the VACUUM path, where local users can delete transaction log data (pg_clog), leading to a denial of service and potential data loss. The connected Red Hat/RH and NVD sources corroborate that the issue concerns local access ...
Important: Red Hat Security Advisory: rh-postgresql security update
Updated PostgreSQL packages to fix various security flaws are now available for Red Hat Enterprise Linux 3. PostgreSQL is an advanced Object-Relational database management system (DBMS). A flaw in the LOAD command in PostgreSQL was discovered. A local user could use this flaw to load arbitrary shar...
security flaw
Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to a heap-based buffer overflow, a different vulnerability than CVE-2005-0247...
security flaw
Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the...
CVE-2005-0245
CVE-2005-0245 concerns a heap-based buffer overflow in gram.y of PostgreSQL 8.0.0 and earlier, triggered by a large number of arguments to a refcursor function. The connected advisories indicate PostgreSQL security updates (e.g., RHSA 2005:138/141 and SLES updates) as remediation, b...
CVE-2005-0244
CVE-2005-0244 affects PostgreSQL 8.0.0 and earlier; local users could bypass the EXECUTE permission check for functions via CREATE AGGREGATE, as described in the CVE entry. Connected advisories show this vulnerability being addressed by multiple vendors, including Red Hat (RHSA-2005:138/141) and ...
CVE-2005-0246
CVE-2005-0246 affects the PostgreSQL intagg contrib module in version 8.0.0 and earlier. The vulnerability allows a denial of service (crash) when processing crafted arrays. The initial description provides the impact and affected component; connected advisories mention PostgreSQL security update...
CVE-2005-0247
Technical details (affected product, version, root cause, impact, or fix) for CVE-2005-0247 are not publicly provided in the supplied connected documents. Monitor for updates as additional information may be released.
PT-2005-1326 · Postgresql +1
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 8.0.0 and earlier Description: The issue allows attackers to cause a denial of service, resulting in a crash, by utilizing crafted arrays. A valid login is required to exploit this issue. Recommendations: For versions 8.0....
CVE-2005-0227
CVE-2005-0227 affects PostgreSQL versions 7.4.x, 7.2.x and related builds. It allows a local user to load arbitrary shared libraries and execute code via the LOAD extension, enabling partial confidentiality and integrity impact and potential service impact. The vulnerability is tied to the abilit...
Mandrake Linux Security Advisory : postgresql (MDKSA-2004:149)
The Trustix development team found insecure temporary file creation problems in a script included in the postgresql package. This could allow an attacker to trick a user into overwriting arbitrary files he has access to. The updated packages have been patched to prevent this problem. ...
CVE-2004-0977
CVE-2004-0977 affects PostgreSQL 7.4.5 and earlier. The vulnerability is in the make_oidjoins_check script, where a symlink attack on temporary files can allow a local user to overwrite files. One connected reference notes an attack could overwrite arbitrary files with the credentials of the user...
PostgreSQL: Insecure temporary file use in make_oidjoins_check
Background: PostgreSQL is an open source database based on the POSTGRES database management system. It includes several contributed scripts including the make_oidjoins_check script. Description: The make_oidjoins_check script insecurely creates temporary files in world-writeable directories with...
postgresql-contrib -- insecure temporary file creation
The make_oidjoins_check script in the PostgreSQL RDBMS has insecure handling of temporary files, which could lead to an attacker overwriting arbitrary files with the credentials of the user running the make_oidjoins_check script...
CVE-2003-0040
The CVE-2003-0040 entry concerns SQL injection in the courier mail server (courier 0.40 and earlier) via the PostgreSQL auth module. A remote attacker could inject SQL through the username, exploiting insufficient input sanitization in the authentication path. This is supported by multiple source...
CVE-2004-0547
Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows remote attackers to cause a denial of service (crash)...
Mandrake Linux Security Advisory : postgresql (MDKSA-2003:102)
Two bugs were discovered that lead to a buffer overflow in PostgreSQL versions 7.2.x and 7.3.x prior to 7.3.4, in the abstract data type (ADT) to ASCII conversion functions. It is believed that, under the right circumstances, an attacker may use this vulnerability to execute arbitrary instructions ...
CVE-2004-0547
CVE-2004-0547: A buffer overflow in the PostgreSQL ODBC driver before 7.2.1 allows remote attackers to crash the application, yielding a denial of service. Affected component: PostgreSQL ODBC driver. Root cause: buffer overflow in the driver. Impact: remote crash of the vulnerable hos...
[Full-Disclosure] [SECURITY] [DSA 516-1] New odbc-postgresql packages fix denial of service
Debian Security Advisory DSA 516-1 [email protected] http://www.debian.org/security/ Martin Schulze June 7th, 2004 http://www.debian.org/security/faq -...