VulnerableCode Package Details - pkg:ebuild/dev-db/postgresql-base@9

Search for packages

Vulnerability	Summary	Fixed by
VCID-1qsp-wvwq-j3f5 Aliases: CVE-2009-0922	It is possible to cause a momentary denial of service when there is a failure to convert a localized error message to the client-specified encoding. A valid login is required to exploit this vulnerability.more details	9.0.5 Affected by 0 other vulnerabilities.
VCID-1uzm-h9m3-akge Aliases: CVE-2010-1170	Insecure permissions on the pltcl_modules table could allow an authenticated user to run arbitrary Tcl code on the database server if PL/Tcl is installed and enabled.more details	9.0.5 Affected by 0 other vulnerabilities.
VCID-666x-ret3-xufr Aliases: CVE-2010-4015	An authenticated database user can cause a buffer overrun by calling functions from the intarray optional module with certain parameters.more details	9.0.5 Affected by 0 other vulnerabilities.
VCID-6dmy-t1qp-nuf3 Aliases: CVE-2009-3231	If PostgreSQL is configured with LDAP authentication, and your LDAP configuration allows anonymous binds, it is possible for a user to authenticate themselves with an empty password.more details	9.0.5 Affected by 0 other vulnerabilities.
VCID-6vh2-2sja-xba9 Aliases: CVE-2010-0733	Multiple vulnerabilities in the PostgreSQL server and client allow remote attacker to conduct several attacks, including the execution of arbitrary code and Denial of Service.	9.0.5 Affected by 0 other vulnerabilities.
VCID-721k-9zdg-buhv Aliases: CVE-2009-3230	The fix for issue CVE-2007-6600 (below) failed to include protection against misuse of RESET SESSION AUTHORIZATION.more details	9.0.5 Affected by 0 other vulnerabilities.
VCID-7ev2-5qge-uubs Aliases: CVE-2010-0442	Multiple vulnerabilities in the PostgreSQL server and client allow remote attacker to conduct several attacks, including the execution of arbitrary code and Denial of Service.	9.0.5 Affected by 0 other vulnerabilities.
VCID-7q99-jk4u-1fen Aliases: CVE-2010-3433	An authenticated database user can manipulate modules and tied variables in some external procedural languages to execute code with enhanced privileges.Detailsmore details	9.0.5 Affected by 0 other vulnerabilities.
VCID-c8ch-zd9x-kufn Aliases: CVE-2009-4034	NULL Bytes in SSL Certificates can be used to falsify client or server authentication. This only affects users who have SSL enabled, perform certificate name validation or client certificate authentication, and where the Certificate Authority (CA) has been tricked into issuing invalid certificates. The use of a CA that can be trusted to always issue valid certificates is recommended to ensure you are not vulnerable to this issue.more details	9.0.5 Affected by 0 other vulnerabilities.
VCID-cffd-gdpc-uqeb Aliases: CVE-2010-1169	A vulnerability in Safe.pm and PL/Perl can allow an authenticated user to run arbitrary Perl code on the database server if PL/Perl is installed and enabled.more details	9.0.5 Affected by 0 other vulnerabilities.
VCID-s8a2-wbb4-dyda Aliases: CVE-2009-3229	Authenticated non-superusers can shut down the backend server by re-LOAD-ing libraries in $libdir/plugins, if any libraries are present there.more details	9.0.5 Affected by 0 other vulnerabilities.
VCID-sxmd-5tzu-hkav Aliases: CVE-2011-2483	Multiple vulnerabilities were found in PHP, the worst of which leading to remote execution of arbitrary code.	9.0.5 Affected by 0 other vulnerabilities.
VCID-u5h4-4p6j-wbay Aliases: CVE-2009-4136	Privilege escalation via changing session state in an index function. This closes a corner case related to vulnerabilities CVE-2009-3230 and CVE-2007-6600 (below).more details	9.0.5 Affected by 0 other vulnerabilities.
VCID-v69z-cmag-xfaf Aliases: CVE-2010-1975	An unprivileged database user can remove superuser-only settings that were applied to his account with ALTER USER by a superuser, thus bypassing settings that should be enforced.more details	9.0.5 Affected by 0 other vulnerabilities.
VCID-xzhq-u9n2-c3gn Aliases: CVE-2010-1447	Multiple vulnerabilities in the PostgreSQL server and client allow remote attacker to conduct several attacks, including the execution of arbitrary code and Denial of Service.	9.0.5 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1qsp-wvwq-j3f5
Aliases:
CVE-2009-0922

It is possible to cause a momentary denial of service when there is a failure to convert a localized error message to the client-specified encoding. A valid login is required to exploit this vulnerability.more details