Search Results (Refine Search)
- CPE Product Version: cpe:/a:postgresql:postgresql:8.3.18
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-2143 |
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password. Published: July 05, 2012; 10:55:02 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-0733 |
Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations. Published: March 19, 2010; 3:30:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 3.5 LOW |