Total
165 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1975 | 1 Postgresql | 1 Postgresql | 2017-09-19 | 5.5 MEDIUM | N/A |
| PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement. | |||||
| CVE-2010-1170 | 1 Postgresql | 1 Postgresql | 2017-09-19 | 6.0 MEDIUM | N/A |
| The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script. | |||||
| CVE-2010-1447 | 1 Postgresql | 1 Postgresql | 2017-09-19 | 8.5 HIGH | N/A |
| The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution. | |||||
| CVE-2010-1169 | 1 Postgresql | 1 Postgresql | 2017-09-19 | 8.5 HIGH | N/A |
| PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447. | |||||
| CVE-2004-0547 | 1 Postgresql | 1 Postgresql | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows remote attackers to cause a denial of service (crash). | |||||
| CVE-2002-1397 | 1 Postgresql | 1 Postgresql | 2017-07-11 | 7.5 HIGH | N/A |
| Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow. | |||||
| CVE-2002-1642 | 1 Postgresql | 1 Postgresql | 2017-07-11 | 7.2 HIGH | N/A |
| PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction log (pg_clog) data and cause a denial of service (data loss) via the VACUUM command. | |||||
| CVE-2015-5288 | 1 Postgresql | 1 Postgresql | 2017-07-01 | 6.4 MEDIUM | N/A |
| The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt. | |||||
| CVE-2016-0768 | 1 Postgresql | 1 Postgresql | 2017-06-13 | 5.0 MEDIUM | 7.5 HIGH |
| PostgreSQL PL/Java after 9.0 does not honor access controls on large objects. | |||||
| CVE-2012-0866 | 1 Postgresql | 1 Postgresql | 2016-12-08 | 6.5 MEDIUM | N/A |
| CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table. | |||||
| CVE-2012-0868 | 1 Postgresql | 1 Postgresql | 2016-12-08 | 6.8 MEDIUM | N/A |
| CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored. | |||||
| CVE-2012-3488 | 1 Postgresql | 1 Postgresql | 2016-12-08 | 4.9 MEDIUM | N/A |
| The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue. | |||||
| CVE-2012-0867 | 4 Debian, Opensuse Project, Postgresql and 1 more | 11 Debian Linux, Opensuse, Postgresql and 8 more | 2016-12-07 | 4.3 MEDIUM | N/A |
| PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters. | |||||
| CVE-2002-1398 | 1 Postgresql | 1 Postgresql | 2016-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows attackers to cause a denial of service and possibly execute arbitrary code via a long date string, aka a vulnerability "in handling long datetime input." | |||||
| CVE-2002-1400 | 1 Postgresql | 1 Postgresql | 2016-10-18 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the repeat() function for PostgreSQL before 7.2.2 allows attackers to execute arbitrary code by causing repeat() to generate a large string. | |||||
| CVE-2002-1399 | 1 Postgresql | 1 Postgresql | 2016-10-18 | 10.0 HIGH | N/A |
| Unknown vulnerability in cash_out and possibly other functions in PostgreSQL 7.2.1 and earlier, and possibly later versions before 7.2.3, with unknown impact, based on an invalid integer input which is processed as a different data type, as demonstrated using cash_out(2). | |||||
| CVE-2002-1402 | 1 Postgresql | 1 Postgresql | 2016-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment variables for PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2002-0972 | 1 Postgresql | 1 Postgresql | 2016-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the functions (1) lpad or (2) rpad. | |||||
| CVE-2002-0802 | 1 Postgresql | 1 Postgresql | 2016-10-18 | 7.5 HIGH | N/A |
| The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks. | |||||
| CVE-2013-1901 | 2 Canonical, Postgresql | 2 Ubuntu Linux, Postgresql | 2013-12-01 | 4.0 MEDIUM | N/A |
| PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions. | |||||