PostgreSQL — свободная объектно-реляционная система управления базами данных.
Релизный цикл, информация об уязвимостях
График релизов
Количество 974
CVE-2007-6067
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
CVE-2007-6600
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.
CVE-2007-6601
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.
CVE-2007-4769
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.
CVE-2007-4772
The regular expression parser in TCL before 8.4.17, as used in Postgre ...
CVE-2007-6600
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 ...
CVE-2007-6601
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8 ...
CVE-2007-4769
The regular expression parser in TCL before 8.4.17, as used in Postgre ...
CVE-2007-6067
Algorithmic complexity vulnerability in the regular expression parser ...
CVE-2007-6601
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2007-6067 Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states. | CVSS2: 6.8 | 1% Низкий | почти 18 лет назад |
| CVE-2007-6600 PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges. | CVSS2: 6.5 | 1% Низкий | почти 18 лет назад |
| CVE-2007-6601 The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278. | CVSS2: 7.2 | 0% Низкий | почти 18 лет назад |
| CVE-2007-4769 The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number. | CVSS2: 6.8 | 1% Низкий | почти 18 лет назад |
| CVE-2007-4772 The regular expression parser in TCL before 8.4.17, as used in Postgre ... | CVSS2: 4 | 1% Низкий | почти 18 лет назад |
| CVE-2007-6600 PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 ... | CVSS2: 6.5 | 1% Низкий | почти 18 лет назад |
| CVE-2007-6601 The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8 ... | CVSS2: 7.2 | 0% Низкий | почти 18 лет назад |
| CVE-2007-4769 The regular expression parser in TCL before 8.4.17, as used in Postgre ... | CVSS2: 6.8 | 1% Низкий | почти 18 лет назад |
| CVE-2007-6067 Algorithmic complexity vulnerability in the regular expression parser ... | CVSS2: 6.8 | 1% Низкий | почти 18 лет назад |
 | CVE-2007-6601 The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278. | CVSS2: 7.2 | 0% Низкий | почти 18 лет назад |
Уязвимостей на страницу