National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:postgresql:postgresql:7.2.3
There are 39 matching records.
Displaying matches 21 through 39.
Vuln ID Summary CVSS Severity
CVE-2014-0063

Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.

Published: March 31, 2014; 10:58:15 AM -04:00
    V2: 6.5 MEDIUM
CVE-2014-0062

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.

Published: March 31, 2014; 10:58:15 AM -04:00
    V2: 4.9 MEDIUM
CVE-2014-0061

The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.

Published: March 31, 2014; 10:58:15 AM -04:00
    V2: 6.5 MEDIUM
CVE-2014-0060

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.

Published: March 31, 2014; 10:58:08 AM -04:00
    V2: 4.0 MEDIUM
CVE-2012-4575

The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request.

Published: November 18, 2012; 02:55:01 PM -05:00
    V2: 5.0 MEDIUM
CVE-2010-3781

The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, a related issue to CVE-2010-3433.

Published: October 06, 2010; 05:00:01 PM -04:00
    V2: 6.0 MEDIUM
CVE-2010-0733

Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.

Published: March 19, 2010; 03:30:00 PM -04:00
    V2: 3.5 LOW
CVE-2009-2943

The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.

Published: October 22, 2009; 12:30:00 PM -04:00
    V2: 7.5 HIGH
CVE-2007-2138

Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."

Published: April 24, 2007; 04:19:00 PM -04:00
    V2: 6.0 MEDIUM
CVE-2007-0556

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.

Published: February 05, 2007; 08:28:00 PM -05:00
    V2: 6.6 MEDIUM
CVE-2006-5540

backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."

Published: October 26, 2006; 01:07:00 PM -04:00
    V2: 4.0 MEDIUM
CVE-2005-1409

PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability."

Published: May 03, 2005; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2005-0227

PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension.

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 4.3 MEDIUM
CVE-2005-0244

PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command.

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 6.5 MEDIUM
CVE-2005-0246

The intagg contrib module for PostgreSQL 8.0.0 and earlier allows attackers to cause a denial of service (crash) via crafted arrays.

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2005-0247

Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245.

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 6.5 MEDIUM
CVE-2005-0245

Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to a heap-based buffer overflow, a different vulnerability than CVE-2005-0247.

Published: February 01, 2005; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2003-0901

Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before 7.3.4, allows remote attackers to execute arbitrary code.

Published: November 03, 2003; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1401

Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as a result of an integer overflow.

Published: January 17, 2003; 12:00:00 AM -05:00
    V2: 6.5 MEDIUM