Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:postgresql:postgresql:8.2.16:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2010-1170 |
The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script. Published: May 19, 2010; 2:30:03 PM -0400 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2010-1169 |
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447. Published: May 19, 2010; 2:30:02 PM -0400 |
V3.x:(not available) V2.0: 8.5 HIGH |
CVE-2010-0733 |
Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations. Published: March 19, 2010; 3:30:00 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2009-2943 |
The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. Published: October 22, 2009; 12:30:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |