VYPR

Ingres

by Actian

CVEs (4)

  • CVE-2008-3357Aug 5, 2008
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability."

  • CVE-2008-3356Aug 5, 2008
    risk 0.00cvss epss 0.00

    verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to…

  • CVE-2008-3389Aug 5, 2008
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb,…

  • CVE-2007-6334Dec 20, 2007
    risk 0.00cvss epss 0.02

    Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.