VulnerableCode Package Details - pkg:ebuild/dev-db/postgresql@9

Search for packages

Vulnerability	Summary	Fixed by
VCID-1qsp-wvwq-j3f5 Aliases: CVE-2009-0922	It is possible to cause a momentary denial of service when there is a failure to convert a localized error message to the client-specified encoding. A valid login is required to exploit this vulnerability.more details	There are no reported fixed by versions.
VCID-1uzm-h9m3-akge Aliases: CVE-2010-1170	Insecure permissions on the pltcl_modules table could allow an authenticated user to run arbitrary Tcl code on the database server if PL/Tcl is installed and enabled.more details	There are no reported fixed by versions.
VCID-666x-ret3-xufr Aliases: CVE-2010-4015	An authenticated database user can cause a buffer overrun by calling functions from the intarray optional module with certain parameters.more details	There are no reported fixed by versions.
VCID-6dmy-t1qp-nuf3 Aliases: CVE-2009-3231	If PostgreSQL is configured with LDAP authentication, and your LDAP configuration allows anonymous binds, it is possible for a user to authenticate themselves with an empty password.more details	There are no reported fixed by versions.
VCID-6vh2-2sja-xba9 Aliases: CVE-2010-0733	Multiple vulnerabilities in the PostgreSQL server and client allow remote attacker to conduct several attacks, including the execution of arbitrary code and Denial of Service.	There are no reported fixed by versions.
VCID-721k-9zdg-buhv Aliases: CVE-2009-3230	The fix for issue CVE-2007-6600 (below) failed to include protection against misuse of RESET SESSION AUTHORIZATION.more details	There are no reported fixed by versions.
VCID-7ev2-5qge-uubs Aliases: CVE-2010-0442	Multiple vulnerabilities in the PostgreSQL server and client allow remote attacker to conduct several attacks, including the execution of arbitrary code and Denial of Service.	There are no reported fixed by versions.
VCID-7q99-jk4u-1fen Aliases: CVE-2010-3433	An authenticated database user can manipulate modules and tied variables in some external procedural languages to execute code with enhanced privileges.Detailsmore details	There are no reported fixed by versions.
VCID-c8ch-zd9x-kufn Aliases: CVE-2009-4034	NULL Bytes in SSL Certificates can be used to falsify client or server authentication. This only affects users who have SSL enabled, perform certificate name validation or client certificate authentication, and where the Certificate Authority (CA) has been tricked into issuing invalid certificates. The use of a CA that can be trusted to always issue valid certificates is recommended to ensure you are not vulnerable to this issue.more details	There are no reported fixed by versions.
VCID-cffd-gdpc-uqeb Aliases: CVE-2010-1169	A vulnerability in Safe.pm and PL/Perl can allow an authenticated user to run arbitrary Perl code on the database server if PL/Perl is installed and enabled.more details	There are no reported fixed by versions.
VCID-s8a2-wbb4-dyda Aliases: CVE-2009-3229	Authenticated non-superusers can shut down the backend server by re-LOAD-ing libraries in $libdir/plugins, if any libraries are present there.more details	There are no reported fixed by versions.
VCID-sxmd-5tzu-hkav Aliases: CVE-2011-2483	Multiple vulnerabilities were found in PHP, the worst of which leading to remote execution of arbitrary code.	There are no reported fixed by versions.
VCID-u5h4-4p6j-wbay Aliases: CVE-2009-4136	Privilege escalation via changing session state in an index function. This closes a corner case related to vulnerabilities CVE-2009-3230 and CVE-2007-6600 (below).more details	There are no reported fixed by versions.
VCID-v69z-cmag-xfaf Aliases: CVE-2010-1975	An unprivileged database user can remove superuser-only settings that were applied to his account with ALTER USER by a superuser, thus bypassing settings that should be enforced.more details	There are no reported fixed by versions.
VCID-xzhq-u9n2-c3gn Aliases: CVE-2010-1447	Multiple vulnerabilities in the PostgreSQL server and client allow remote attacker to conduct several attacks, including the execution of arbitrary code and Denial of Service.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-1qsp-wvwq-j3f5
Aliases:
CVE-2009-0922

It is possible to cause a momentary denial of service when there is a failure to convert a localized error message to the client-specified encoding. A valid login is required to exploit this vulnerability.more details