Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-0062

Опубликовано: 31 мар. 2014
Источник: nvd
CVSS2: 4.9
EPSS Низкий

Описание

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
Версия до 8.4.19 (включая)
cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.4.10:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.4.11:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.4.12:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.4.13:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.4.14:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.4.15:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.4.16:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.4.17:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.4.18:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.0.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.0.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.0.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.0.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.0.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.0.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.0.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.0.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.0.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.0.10:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.0.11:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.0.12:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.0.13:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.0.14:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.0.15:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.1.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.1.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.1.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.1.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.1.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.1.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.1.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.1.10:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.1.11:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.2.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.2.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.2.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.2.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.2.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.2.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.3.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:9.3.2:*:*:*:*:*:*:*

EPSS

Процентиль: 72%
0.00757
Низкий

4.9 Medium

CVSS2

Дефекты

CWE-362

Связанные уязвимости

ubuntu логотип

CVE-2014-0062

ubuntu
около 11 лет назад

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.

redhat логотип

CVE-2014-0062

redhat
больше 11 лет назад

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.

debian логотип

CVE-2014-0062

debian
около 11 лет назад

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE ...

github логотип

GHSA-v5fw-6c5r-3rm6

github
около 3 лет назад

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.

oracle-oval логотип

ELSA-2014-0249

oracle-oval
больше 11 лет назад

ELSA-2014-0249: postgresql security update (IMPORTANT)

EPSS

Процентиль: 72%
0.00757
Низкий

4.9 Medium

CVSS2

Дефекты

CWE-362