Lucene search

K
PostgresqlPostgresql9.1

24 matches found

CVE
CVE
added 2013/04/04 5:55 p.m.1529 views

CVE-2013-1903

PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to "graphical installers for Linux and Mac OS X," which has unspecified impact and attack vectors.

10CVSS9.3AI score0.00725EPSS
CVE
CVE
added 2013/04/04 5:55 p.m.797 views

CVE-2013-1902

PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors related to "graphical installers for Linux and Mac OS X."

10CVSS9AI score0.00596EPSS
CVE
CVE
added 2014/03/31 2:58 p.m.310 views

CVE-2014-0066

The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer derefere...

4CVSS4.8AI score0.01914EPSS
CVE
CVE
added 2017/05/12 7:29 p.m.305 views

CVE-2017-7486

PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.

7.5CVSS7.2AI score0.04593EPSS
CVE
CVE
added 2014/03/31 2:58 p.m.242 views

CVE-2014-0065

Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.

6.5CVSS5.4AI score0.12624EPSS
CVE
CVE
added 2013/02/13 1:55 a.m.215 views

CVE-2013-0255

PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a ...

6.8CVSS6.3AI score0.03086EPSS
CVE
CVE
added 2015/10/26 2:59 p.m.214 views

CVE-2015-5288

The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.

6.4CVSS7.7AI score0.0333EPSS
CVE
CVE
added 2014/03/31 2:58 p.m.201 views

CVE-2014-0060

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command be...

4CVSS5.2AI score0.00918EPSS
CVE
CVE
added 2013/04/04 5:55 p.m.190 views

CVE-2013-1899

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection ...

6.5CVSS6.5AI score0.88079EPSS
CVE
CVE
added 2014/03/31 2:58 p.m.187 views

CVE-2014-0063

Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDAT...

6.5CVSS6.4AI score0.12624EPSS
CVE
CVE
added 2014/03/31 2:58 p.m.185 views

CVE-2014-0062

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables...

4.9CVSS5AI score0.00757EPSS
CVE
CVE
added 2012/07/18 11:55 p.m.182 views

CVE-2012-0866

CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitra...

6.5CVSS6.4AI score0.01064EPSS
CVE
CVE
added 2014/03/31 2:58 p.m.179 views

CVE-2014-0064

Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow...

6.5CVSS5.6AI score0.12668EPSS
CVE
CVE
added 2012/07/18 11:55 p.m.177 views

CVE-2012-0868

CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL...

6.8CVSS6.9AI score0.0578EPSS
CVE
CVE
added 2014/03/31 2:58 p.m.171 views

CVE-2014-0061

The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed ...

6.5CVSS5.1AI score0.01565EPSS
CVE
CVE
added 2014/03/31 2:58 p.m.170 views

CVE-2014-0067

The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.

4.6CVSS9AI score0.00118EPSS
CVE
CVE
added 2012/07/18 11:55 p.m.167 views

CVE-2012-2655

PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler.

4CVSS6AI score0.01492EPSS
CVE
CVE
added 2012/10/03 9:55 p.m.155 views

CVE-2012-3488

The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to ar...

4.9CVSS6.4AI score0.00351EPSS
CVE
CVE
added 2013/04/04 5:55 p.m.126 views

CVE-2013-1900

PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."

8.5CVSS6.7AI score0.01474EPSS
CVE
CVE
added 2012/07/18 11:55 p.m.110 views

CVE-2012-0867

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.

4.3CVSS6.2AI score0.01231EPSS
CVE
CVE
added 2015/05/28 2:59 p.m.109 views

CVE-2015-3165

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session...

4.3CVSS9.1AI score0.07299EPSS
CVE
CVE
added 2014/03/31 2:58 p.m.108 views

CVE-2014-2669

Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact via vectors related to the (1) hstore_recv, (2) hstore_from_arrays, and (3) hstore_...

6.5CVSS9.1AI score0.12668EPSS
CVE
CVE
added 2012/10/06 10:55 p.m.89 views

CVE-2012-1618

Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified JDBC statement parameters, which allows remote attackers to...

7.5CVSS7.5AI score0.01331EPSS
CVE
CVE
added 2013/04/04 5:55 p.m.73 views

CVE-2013-1901

PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.

4CVSS6.1AI score0.00216EPSS