Postgresql@8.0.1 Security Vulnerabilities and Issues — Postgresql@8.0.1 CVE List

Lucene search

PostgresqlPostgresql8.0.1

21 matches found

CVE•added 2010/03/19 7:30 p.m.•352 views

CVE-2010-0733

Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.

3.5CVSS6.2AI score0.07672EPSS

CVE•added 2010/05/19 6:30 p.m.•316 views

CVE-2010-1447

The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1...

8.5CVSS7.1AI score0.01576EPSS

CVE•added 2010/05/19 6:30 p.m.•289 views

CVE-2010-1169

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary ...

8.5CVSS7.3AI score0.01576EPSS

CVE•added 2010/10/06 5:0 p.m.•199 views

CVE-2010-3433

The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows ...

6CVSS7.4AI score0.02422EPSS

CVE•added 2010/05/19 6:30 p.m.•171 views

CVE-2010-1170

The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remot...

6CVSS7.1AI score0.00332EPSS

CVE•added 2010/05/19 6:30 p.m.•165 views

CVE-2010-1975

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER ...

5.5CVSS6.1AI score0.00277EPSS

CVE•added 2009/12/15 6:30 p.m.•102 views

CVE-2009-4136

PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privi...

6.5CVSS6.1AI score0.01557EPSS

CVE•added 2009/12/15 6:30 p.m.•100 views

CVE-2009-4034

PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle at...

5.8CVSS6.2AI score0.01808EPSS

CVE•added 2009/09/17 10:30 a.m.•85 views

CVE-2009-3230

The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated...

6.5CVSS6AI score0.01129EPSS

CVE•added 2008/01/09 9:46 p.m.•73 views

CVE-2007-6067

Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex...

6.8CVSS5.7AI score0.01009EPSS

CVE•added 2006/05/24 10:6 a.m.•66 views

CVE-2006-2314

PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "" (backslash) byte 0x5c to be the trailing byt...

7.5CVSS6.9AI score0.02203EPSS

CVE•added 2008/01/09 9:46 p.m.•66 views

CVE-2007-6600

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION withi...

6.5CVSS5.9AI score0.01129EPSS

CVE•added 2008/01/09 9:46 p.m.•64 views

CVE-2007-4769

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.

6.8CVSS5.8AI score0.01079EPSS

CVE•added 2007/02/06 1:28 a.m.•62 views

CVE-2007-0556

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTE...

6.6CVSS6.6AI score0.01918EPSS

CVE•added 2006/05/24 10:6 a.m.•59 views

CVE-2006-2313

PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injec...

7.5CVSS7.1AI score0.01873EPSS

CVE•added 2006/10/26 5:7 p.m.•57 views

CVE-2006-5540

backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."

4CVSS5.9AI score0.01621EPSS

CVE•added 2005/05/03 4:0 a.m.•55 views

CVE-2005-1409

PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability."

7.5CVSS6.1AI score0.01196EPSS

CVE•added 2005/05/02 4:0 a.m.•54 views

CVE-2005-0247

Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the...

6.5CVSS7.7AI score0.23114EPSS

CVE•added 2006/02/14 7:6 p.m.•47 views

CVE-2006-0678

PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service (server crash) via a crafted SET SESSION AUTHORIZATION command, a different vulnerability than CVE-2006-0553.

1.5CVSS5.8AI score0.02066EPSS

CVE•added 2005/05/03 4:0 a.m.•44 views

CVE-2005-1410

The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and poss...

2.1CVSS6.9AI score0.001EPSS

CVE•added 2006/01/10 8:3 p.m.•38 views

CVE-2006-0105

PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on Windows, allows remote attackers to cause a denial of service (postmaster exit and no new connections) via a large number of simultaneous connection requests.

5CVSS6.6AI score0.01928EPSS