VYPR

rpm package

suse/postgresql94-libs&distro=SUSE Linux Enterprise Software Development Kit 12

pkg:rpm/suse/postgresql94-libs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012

Vulnerabilities (5)

  • CVE-2016-0773HigFeb 17, 2016
    affected < 9.4.6-7.1fixed 9.4.6-7.1

    PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.

  • CVE-2016-0766HigFeb 17, 2016
    affected < 9.4.6-7.1fixed 9.4.6-7.1

    PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.

  • CVE-2015-5289Oct 26, 2015
    affected < 9.4.5-4.1fixed 9.4.5-4.1

    Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.

  • CVE-2015-5288Oct 26, 2015
    affected < 9.4.5-4.1fixed 9.4.5-4.1

    The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.

  • CVE-2007-4772Jan 9, 2008
    affected < 9.4.6-7.1fixed 9.4.6-7.1

    The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.