VulnerableCode Package Details - pkg:generic/postgresql@8.4.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:generic/postgresql@8.4.0

Essentials
History (25)

purl	pkg:generic/postgresql@8.4.0

Next non-vulnerable version	8.4.1
Latest non-vulnerable version	18.2.0
Risk	3.9

Vulnerabilities affecting this package (25)

Vulnerability	Summary	Fixed by
VCID-1uzm-h9m3-akge Aliases: CVE-2010-1170	Insecure permissions on the pltcl_modules table could allow an authenticated user to run arbitrary Tcl code on the database server if PL/Tcl is installed and enabled.more details	8.4.4 Affected by 0 other vulnerabilities.
VCID-2nve-471m-17h6 Aliases: CVE-2012-2655	SECURITY DEFINER and SET attributes on procedural call handlers are not ignored and can be used to crash the servermore details	8.4.12 Affected by 0 other vulnerabilities. 9.0.8 Affected by 0 other vulnerabilities. 9.1.4 Affected by 0 other vulnerabilities.
VCID-35a3-5eq3-8bep Aliases: CVE-2012-2143	Passwords containing the byte 0x80 passed to the crypt() function in pgcrypto are incorrectly truncated if DES encryption was usedmore details	8.4.12 Affected by 0 other vulnerabilities. 9.0.8 Affected by 0 other vulnerabilities. 9.1.4 Affected by 0 other vulnerabilities.
VCID-666x-ret3-xufr Aliases: CVE-2010-4015	An authenticated database user can cause a buffer overrun by calling functions from the intarray optional module with certain parameters.more details	8.4.7 Affected by 0 other vulnerabilities. 9.0.3 Affected by 0 other vulnerabilities.
VCID-6mck-xykx-yuba Aliases: CVE-2013-0255	executing enum_recv() with wrong parameters crashes servermore details	8.4.16 Affected by 0 other vulnerabilities. 9.0.12 Affected by 0 other vulnerabilities. 9.1.8 Affected by 0 other vulnerabilities. 9.2.3 Affected by 0 other vulnerabilities.
VCID-721k-9zdg-buhv Aliases: CVE-2009-3230	The fix for issue CVE-2007-6600 (below) failed to include protection against misuse of RESET SESSION AUTHORIZATION.more details	8.4.1 Affected by 0 other vulnerabilities.
VCID-7jb6-q4x1-cfbw Aliases: CVE-2012-3489	xml_parse() DTD validation can be used to read arbitrary filesmore details	8.4.13 Affected by 0 other vulnerabilities. 9.0.9 Affected by 0 other vulnerabilities. 9.1.5 Affected by 0 other vulnerabilities.
VCID-7q99-jk4u-1fen Aliases: CVE-2010-3433	An authenticated database user can manipulate modules and tied variables in some external procedural languages to execute code with enhanced privileges.Detailsmore details	8.4.5 Affected by 0 other vulnerabilities. 9.0.1 Affected by 0 other vulnerabilities.
VCID-811b-x31n-tfch Aliases: CVE-2012-0866	Permissions on a function called by a trigger are not properly checked.more details	8.4.11 Affected by 0 other vulnerabilities. 9.0.7 Affected by 0 other vulnerabilities. 9.1.3 Affected by 0 other vulnerabilities.
VCID-8cbh-gwwy-n3eq Aliases: CVE-2014-0064	Potential buffer overruns due to integer overflow in size calculations.more details	8.4.20 Affected by 0 other vulnerabilities. 9.0.16 Affected by 0 other vulnerabilities. 9.1.12 Affected by 0 other vulnerabilities. 9.2.7 Affected by 0 other vulnerabilities. 9.3.3 Affected by 0 other vulnerabilities.
VCID-8j4f-u2tq-1qev Aliases: CVE-2014-0061	Privilege escalation via calls to validator functions.more details	8.4.20 Affected by 0 other vulnerabilities. 9.0.16 Affected by 0 other vulnerabilities. 9.1.12 Affected by 0 other vulnerabilities. 9.2.7 Affected by 0 other vulnerabilities. 9.3.3 Affected by 0 other vulnerabilities.
VCID-bdq4-br3j-7kb8 Aliases: CVE-2012-3488	contrib/xml2's xslt_process() can be used to read and write arbitrary filesmore details	8.4.13 Affected by 0 other vulnerabilities. 9.0.9 Affected by 0 other vulnerabilities. 9.1.5 Affected by 0 other vulnerabilities.
VCID-c8ch-zd9x-kufn Aliases: CVE-2009-4034	NULL Bytes in SSL Certificates can be used to falsify client or server authentication. This only affects users who have SSL enabled, perform certificate name validation or client certificate authentication, and where the Certificate Authority (CA) has been tricked into issuing invalid certificates. The use of a CA that can be trusted to always issue valid certificates is recommended to ensure you are not vulnerable to this issue.more details	8.4.2 Affected by 0 other vulnerabilities.
VCID-cffd-gdpc-uqeb Aliases: CVE-2010-1169	A vulnerability in Safe.pm and PL/Perl can allow an authenticated user to run arbitrary Perl code on the database server if PL/Perl is installed and enabled.more details	8.4.4 Affected by 0 other vulnerabilities.
VCID-g4tm-8zhw-a7hn Aliases: CVE-2013-1900	Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guessmore details	8.4.17 Affected by 0 other vulnerabilities. 9.0.13 Affected by 0 other vulnerabilities. 9.1.9 Affected by 0 other vulnerabilities. 9.2.4 Affected by 0 other vulnerabilities.
VCID-kbgc-w2jw-auh8 Aliases: CVE-2014-0062	Race condition in CREATE INDEX allows for privilege escalation.more details	8.4.20 Affected by 0 other vulnerabilities. 9.0.16 Affected by 0 other vulnerabilities. 9.1.12 Affected by 0 other vulnerabilities. 9.2.7 Affected by 0 other vulnerabilities. 9.3.3 Affected by 0 other vulnerabilities.
VCID-nz16-gzhk-h3c1 Aliases: CVE-2014-0065	Potential buffer overruns of fixed-size buffers.more details	8.4.20 Affected by 0 other vulnerabilities. 9.0.16 Affected by 0 other vulnerabilities. 9.1.12 Affected by 0 other vulnerabilities. 9.2.7 Affected by 0 other vulnerabilities. 9.3.3 Affected by 0 other vulnerabilities.
VCID-pvxg-byvu-pbec Aliases: CVE-2014-0066	Potential null pointer dereference crash when crypt(3) returns NULL.more details	8.4.20 Affected by 0 other vulnerabilities. 9.0.16 Affected by 0 other vulnerabilities. 9.1.12 Affected by 0 other vulnerabilities. 9.2.7 Affected by 0 other vulnerabilities. 9.3.3 Affected by 0 other vulnerabilities.
VCID-quqr-bg9k-7yb5 Aliases: CVE-2012-0868	Line breaks in object names can be exploited to execute arbitrary SQL when reloading a pg_dump file.more details	8.4.11 Affected by 0 other vulnerabilities. 9.0.7 Affected by 0 other vulnerabilities. 9.1.3 Affected by 0 other vulnerabilities.
VCID-reab-s9cu-yudn Aliases: CVE-2014-0063	Potential buffer overruns in datetime input/output.more details	8.4.20 Affected by 0 other vulnerabilities. 9.0.16 Affected by 0 other vulnerabilities. 9.1.12 Affected by 0 other vulnerabilities. 9.2.7 Affected by 0 other vulnerabilities. 9.3.3 Affected by 0 other vulnerabilities.
VCID-s8a2-wbb4-dyda Aliases: CVE-2009-3229	Authenticated non-superusers can shut down the backend server by re-LOAD-ing libraries in $libdir/plugins, if any libraries are present there.more details	8.4.1 Affected by 0 other vulnerabilities.
VCID-u5h4-4p6j-wbay Aliases: CVE-2009-4136	Privilege escalation via changing session state in an index function. This closes a corner case related to vulnerabilities CVE-2009-3230 and CVE-2007-6600 (below).more details	8.4.2 Affected by 0 other vulnerabilities.
VCID-ux6m-dn6j-37dc Aliases: CVE-2012-0867	SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances when using third party certificate authorities.more details	8.4.11 Affected by 0 other vulnerabilities. 9.0.7 Affected by 0 other vulnerabilities. 9.1.3 Affected by 0 other vulnerabilities.
VCID-v69z-cmag-xfaf Aliases: CVE-2010-1975	An unprivileged database user can remove superuser-only settings that were applied to his account with ALTER USER by a superuser, thus bypassing settings that should be enforced.more details	8.4.4 Affected by 0 other vulnerabilities.
VCID-w518-wkek-97ag Aliases: CVE-2014-0060	SET ROLE bypasses lack of ADMIN OPTION.more details	8.4.20 Affected by 0 other vulnerabilities. 9.0.16 Affected by 0 other vulnerabilities. 9.1.12 Affected by 0 other vulnerabilities. 9.2.7 Affected by 0 other vulnerabilities. 9.3.3 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:36:04.813804+00:00	PostgreSQL Importer	Affected by	VCID-s8a2-wbb4-dyda	https://www.postgresql.org/support/security/CVE-2009-3229	38.0.0
2026-04-01T12:36:04.231996+00:00	PostgreSQL Importer	Affected by	VCID-666x-ret3-xufr	https://www.postgresql.org/support/security/CVE-2010-4015	38.0.0
2026-04-01T12:36:04.184902+00:00	PostgreSQL Importer	Affected by	VCID-811b-x31n-tfch	https://www.postgresql.org/support/security/CVE-2012-0866	38.0.0
2026-04-01T12:36:04.153532+00:00	PostgreSQL Importer	Affected by	VCID-ux6m-dn6j-37dc	https://www.postgresql.org/support/security/CVE-2012-0867	38.0.0
2026-04-01T12:36:04.107381+00:00	PostgreSQL Importer	Affected by	VCID-quqr-bg9k-7yb5	https://www.postgresql.org/support/security/CVE-2012-0868	38.0.0
2026-04-01T12:36:04.064519+00:00	PostgreSQL Importer	Affected by	VCID-35a3-5eq3-8bep	https://www.postgresql.org/support/security/CVE-2012-2143	38.0.0
2026-04-01T12:36:04.016024+00:00	PostgreSQL Importer	Affected by	VCID-2nve-471m-17h6	https://www.postgresql.org/support/security/CVE-2012-2655	38.0.0
2026-04-01T12:36:03.970377+00:00	PostgreSQL Importer	Affected by	VCID-bdq4-br3j-7kb8	https://www.postgresql.org/support/security/CVE-2012-3488	38.0.0
2026-04-01T12:36:03.923987+00:00	PostgreSQL Importer	Affected by	VCID-7jb6-q4x1-cfbw	https://www.postgresql.org/support/security/CVE-2012-3489	38.0.0
2026-04-01T12:36:03.858121+00:00	PostgreSQL Importer	Affected by	VCID-6mck-xykx-yuba	https://www.postgresql.org/support/security/CVE-2013-0255	38.0.0
2026-04-01T12:36:03.805949+00:00	PostgreSQL Importer	Affected by	VCID-g4tm-8zhw-a7hn	https://www.postgresql.org/support/security/CVE-2013-1900	38.0.0
2026-04-01T12:36:03.740377+00:00	PostgreSQL Importer	Affected by	VCID-w518-wkek-97ag	https://www.postgresql.org/support/security/CVE-2014-0060	38.0.0
2026-04-01T12:36:03.675921+00:00	PostgreSQL Importer	Affected by	VCID-8j4f-u2tq-1qev	https://www.postgresql.org/support/security/CVE-2014-0061	38.0.0
2026-04-01T12:36:03.605367+00:00	PostgreSQL Importer	Affected by	VCID-kbgc-w2jw-auh8	https://www.postgresql.org/support/security/CVE-2014-0062	38.0.0
2026-04-01T12:36:03.534877+00:00	PostgreSQL Importer	Affected by	VCID-reab-s9cu-yudn	https://www.postgresql.org/support/security/CVE-2014-0063	38.0.0
2026-04-01T12:36:03.461043+00:00	PostgreSQL Importer	Affected by	VCID-8cbh-gwwy-n3eq	https://www.postgresql.org/support/security/CVE-2014-0064	38.0.0
2026-04-01T12:36:03.391442+00:00	PostgreSQL Importer	Affected by	VCID-nz16-gzhk-h3c1	https://www.postgresql.org/support/security/CVE-2014-0065	38.0.0
2026-04-01T12:36:03.315701+00:00	PostgreSQL Importer	Affected by	VCID-pvxg-byvu-pbec	https://www.postgresql.org/support/security/CVE-2014-0066	38.0.0
2026-04-01T12:35:59.339932+00:00	PostgreSQL Importer	Affected by	VCID-721k-9zdg-buhv	https://www.postgresql.org/support/security/CVE-2009-3230	38.0.0
2026-04-01T12:35:59.269025+00:00	PostgreSQL Importer	Affected by	VCID-c8ch-zd9x-kufn	https://www.postgresql.org/support/security/CVE-2009-4034	38.0.0
2026-04-01T12:35:59.190545+00:00	PostgreSQL Importer	Affected by	VCID-u5h4-4p6j-wbay	https://www.postgresql.org/support/security/CVE-2009-4136	38.0.0
2026-04-01T12:35:59.115896+00:00	PostgreSQL Importer	Affected by	VCID-cffd-gdpc-uqeb	https://www.postgresql.org/support/security/CVE-2010-1169	38.0.0
2026-04-01T12:35:59.037632+00:00	PostgreSQL Importer	Affected by	VCID-1uzm-h9m3-akge	https://www.postgresql.org/support/security/CVE-2010-1170	38.0.0
2026-04-01T12:35:58.964083+00:00	PostgreSQL Importer	Affected by	VCID-v69z-cmag-xfaf	https://www.postgresql.org/support/security/CVE-2010-1975	38.0.0
2026-04-01T12:35:58.861473+00:00	PostgreSQL Importer	Affected by	VCID-7q99-jk4u-1fen	https://www.postgresql.org/support/security/CVE-2010-3433	38.0.0