VYPR

rpm package

opensuse/postgresql95&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/postgresql95&distro=openSUSE%20Tumbleweed

Vulnerabilities (37)

  • CVE-2013-1900 | Apr 4, 2013
    affected < 9.5.4-1.2 | fixed 9.5.4-1.2

    PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto fu

  • CVE-2013-1899 | Apr 4, 2013
    affected < 9.5.4-1.2 | fixed 9.5.4-1.2

    Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code

  • CVE-2013-0255 | Feb 13, 2013
    affected < 9.5.4-1.2 | fixed 9.5.4-1.2

    PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticate

  • CVE-2012-3489 | Med | Oct 3, 2012
    affected < 9.5.4-1.2 | fixed 9.5.4-1.2

    The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file

  • CVE-2012-3488 | Oct 3, 2012
    affected < 9.5.4-1.2 | fixed 9.5.4-1.2

    The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger out

  • CVE-2012-2655 | Jul 18, 2012
    affected < 9.5.4-1.2 | fixed 9.5.4-1.2

    PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler.

  • CVE-2012-0868 | Jul 18, 2012
    affected < 9.5.4-1.2 | fixed 9.5.4-1.2

    CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are i

  • CVE-2012-0867 | Jul 18, 2012
    affected < 9.5.4-1.2 | fixed 9.5.4-1.2

    PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.

  • CVE-2012-0866 | Jul 18, 2012
    affected < 9.5.4-1.2 | fixed 9.5.4-1.2

    CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted

  • CVE-2012-2143 | Jul 5, 2012
    affected < 9.5.4-1.2 | fixed 9.5.4-1.2

    The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obt

  • CVE-2010-3433 | Oct 6, 2010
    affected < 9.5.4-1.2 | fixed 9.5.4-1.2

    The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same ses

  • CVE-2010-1170 | May 19, 2010
    affected < 9.5.4-1.2 | fixed 9.5.4-1.2

    The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions,

  • CVE-2010-1169 | May 19, 2010
    affected < 9.5.4-1.2 | fixed 9.5.4-1.2

    PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to

  • CVE-2009-4136 | Dec 15, 2009
    affected < 9.5.4-1.2 | fixed 9.5.4-1.2

    PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated

  • CVE-2009-4034 | Dec 15, 2009
    affected < 9.5.4-1.2 | fixed 9.5.4-1.2

    PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows m

  • CVE-2007-6600 | Jan 9, 2008
    affected < 9.5.4-1.2 | fixed 9.5.4-1.2

    PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION

  • CVE-2007-4772 | Jan 9, 2008
    affected < 9.5.4-1.2 | fixed 9.5.4-1.2

    The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.

Page 2 of 2