- Home
- CVEs with nessus.description==The version of PostgreSQL installed on the remote host is 9.0.x prior to 9.0.23, 9.1.x prior to 9.1.19, 9.2.x prior to 9.2.14, 9.3.x prior to 9.3.10, or 9.4.x prior to 9.4.5. It is, therefore, affected by multiple vulnerabilities :
- A denial of service vulnerability exists due to an unspecified flaw in the crypt() function. An authenticated, remote attacker can exploit this to cause a memory leak, resulting in a denial of service condition. (CVE-2015-5288)
- A denial of service vulnerability exists due to improper validation of user-supplied JSON input. An authenticated, remote attacker can exploit this, via specially crafted JSON input, to cause the server to crash. (CVE-2015-5289)
- A denial of service vulnerability exists due to a flaw that is triggered when a function is executed in an outer-subtransaction cursor. An authenticated, remote attacker can exploit this to cause a denial of service condition. (VulnDB 129228)
- Multiple stack overflow conditions exist due to improper validation of user-supplied input when handling input to record types, range types, json, jsonb, tsquery, ltxtquery and query_int. An authenticated, remote attacker can exploit this to cause a denial of service condition and potentially remote code execution.
(VulnDB 129229)
- An information disclosure vulnerability exists due to world-readable permissions granted to temporary files that are created during a pg_dump with tar-format output. A local attacker can exploit this disclose sensitive information. (VulnDB 129230)
- An overflow condition exists due to improper validation of user-supplied input when handling SIMILAR TO and LIKE matching regular expressions. An authenticated, remote attacker can exploit this to cause a stack overflow, resulting in a denial of service condition.
(VulnDB 129231)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top