Postgresql@9.3.2 Security Vulnerabilities and Issues — Postgresql@9.3.2 CVE List

Lucene search

PostgresqlPostgresql9.3.2

9 matches found

CVE•added 2014/03/31 2:58 p.m.•310 views

CVE-2014-0066

The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer derefere...

4CVSS4.8AI score0.01914EPSS

CVE•added 2014/03/31 2:58 p.m.•242 views

CVE-2014-0065

Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.

6.5CVSS5.4AI score0.12624EPSS

CVE•added 2014/03/31 2:58 p.m.•201 views

CVE-2014-0060

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command be...

4CVSS5.2AI score0.00918EPSS

CVE•added 2014/03/31 2:58 p.m.•187 views

CVE-2014-0063

Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDAT...

6.5CVSS6.4AI score0.12624EPSS

CVE•added 2014/03/31 2:58 p.m.•185 views

CVE-2014-0062

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables...

4.9CVSS5AI score0.00757EPSS

CVE•added 2014/03/31 2:58 p.m.•179 views

CVE-2014-0064

Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow...

6.5CVSS5.6AI score0.12668EPSS

CVE•added 2014/03/31 2:58 p.m.•171 views

CVE-2014-0061

The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed ...

6.5CVSS5.1AI score0.01565EPSS

CVE•added 2014/03/31 2:58 p.m.•170 views

CVE-2014-0067

The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.

4.6CVSS9AI score0.00118EPSS

CVE•added 2014/03/31 2:58 p.m.•108 views

CVE-2014-2669

Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact via vectors related to the (1) hstore_recv, (2) hstore_from_arrays, and (3) hstore_...

6.5CVSS9.1AI score0.12668EPSS