Search Results
- CPE Product Version: cpe:/a:postgresql:postgresql:8.4.11
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-3488 | The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue. Published: October 03, 2012; 5:55:00 PM -0400 | V3.x: (not available); V2.0: 4.9 MEDIUM |
CVE-2012-2655 | PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler. Published: July 18, 2012; 7:55:01 PM -0400 | V3.x: (not available); V2.0: 4.0 MEDIUM |
CVE-2012-2143 | The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password. Published: July 05, 2012; 10:55:02 AM -0400 | V3.x: (not available); V2.0: 4.3 MEDIUM |