Vulnerabilities > Postgresql > Postgresql > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-05-19 | CVE-2010-1447 | Permissions, Privileges, and Access Controls vulnerability in Postgresql The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution. | 8.5 |
| 2010-05-19 | CVE-2010-1169 | Code Injection vulnerability in Postgresql PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. | 8.5 |
| 2009-10-22 | CVE-2009-2943 | Remote Security vulnerability in Ocaml Postgresql-Ocaml 1.12.1/1.5.4/1.7.0 The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. | 7.5 |
| 2006-05-24 | CVE-2006-2314 | SQL Injection vulnerability in PostgreSQL Multibyte Character Encoding PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem. | 7.5 |
| 2006-05-24 | CVE-2006-2313 | SQL Injection vulnerability in PostgreSQL Multibyte Character Encoding PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection." | 7.5 |
| 2005-05-03 | CVE-2005-1409 | Privilege Escalation vulnerability in PostgreSQL Character Set Conversion PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability." | 7.5 |
| 2003-11-03 | CVE-2003-0901 | Buffer Overflow vulnerability in PostgreSQL To_Ascii() Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before 7.3.4, allows remote attackers to execute arbitrary code. | 7.5 |
| 2003-01-17 | CVE-2002-1400 | Unspecified vulnerability in Postgresql Heap-based buffer overflow in the repeat() function for PostgreSQL before 7.2.2 allows attackers to execute arbitrary code by causing repeat() to generate a large string. | 7.5 |
| 2003-01-17 | CVE-2002-1397 | Buffer Overflow vulnerability in PostgreSQL cash_words Function Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow. | 7.5 |
| 2002-12-31 | CVE-2002-1657 | Use of Password Hash With Insufficient Computational Effort vulnerability in Postgresql 7.3.19 PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. | 7.5 |