{"url":"http://public2.vulnerablecode.io/api/packages/129848?format=json","purl":"pkg:rpm/redhat/postgresql@7.4.17-1.RHEL4?arch=1","type":"rpm","namespace":"redhat","name":"postgresql","version":"7.4.17-1.RHEL4","qualifiers":{"arch":"1"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3583?format=json","vulnerability_id":"VCID-g5yd-z8gh-pbc4","summary":"A vulnerability involving insecure search_path settings allows unprivileged users to gain the SQL privileges of the owner of any SECURITY DEFINER function they are allowed to call. Securing such a function requires both a software update and changes to the function definition.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2007-0336.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2007-0336.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2138.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2138.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2138","reference_id":"","reference_type":"","scores":[{"value":"0.01593","scoring_system":"epss","scoring_elements":"0.81757","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01593","scoring_system":"epss","scoring_elements":"0.81595","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01593","scoring_system":"epss","scoring_elements":"0.81606","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01593","scoring_system":"epss","scoring_elements":"0.81627","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01593","scoring_system":"epss","scoring_elements":"0.81624","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01593","scoring_system":"epss","scoring_elements":"0.81652","published_at":"2026-04-08T12:55:00Z"},{"v
alue":"0.01593","scoring_system":"epss","scoring_elements":"0.81657","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01593","scoring_system":"epss","scoring_elements":"0.81677","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01593","scoring_system":"epss","scoring_elements":"0.81664","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01593","scoring_system":"epss","scoring_elements":"0.81696","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01593","scoring_system":"epss","scoring_elements":"0.81695","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01593","scoring_system":"epss","scoring_elements":"0.81699","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01593","scoring_system":"epss","scoring_elements":"0.81724","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01593","scoring_system":"epss","scoring_elements":"0.81733","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01593","scoring_system":"epss","scoring_elements":"0.81739","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2138"},{"reference_url":"http://secunia.com/advisories/24989","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/24989"},{"reference_url":"http://secunia.com/advisories/24999","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/24999"},{"reference_url":"http://secunia.com/advisories/25005","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/25005"},{"reference_url":"http://secunia.com/advisories/25019","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/25019"},{"reference_url":"http://secunia.com/advisories/25037","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/25037"},{"reference_url":"http://secunia.com/advisories/25058","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/25058"},{"reference_url":"http://secunia.com/advi
sories/25184","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/25184"},{"reference_url":"http://secunia.com/advisories/25238","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/25238"},{"reference_url":"http://secunia.com/advisories/25334","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/25334"},{"reference_url":"http://secunia.com/advisories/25717","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/25717"},{"reference_url":"http://secunia.com/advisories/25720","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/25720"},{"reference_url":"http://secunia.com/advisories/25725","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/25725"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200705-12.xml","reference_id":"","reference_type":"","scores":[],"url":"http://security.gentoo.org/glsa/glsa-200705-12.xml"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/33842","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/33842"},{"reference_url":"https://issues.rpath.com/browse/RPL-1292","reference_id":"","reference_type":"","scores":[],"url":"https://issues.rpath.com/browse/RPL-1292"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10090","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10090"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102894-1","reference_id":"","reference_type":"","scores":[],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102894-1"},{"reference_url":"http://support.avaya.com/elmodocs2/security/ASA-2007-190.htm","reference_id":"","reference_type":"","scores":[],"
url":"http://support.avaya.com/elmodocs2/security/ASA-2007-190.htm"},{"reference_url":"https://www.postgresql.org/support/security/CVE-2007-2138/","reference_id":"","reference_type":"","scores":[],"url":"https://www.postgresql.org/support/security/CVE-2007-2138/"},{"reference_url":"http://www.debian.org/security/2007/dsa-1309","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2007/dsa-1309"},{"reference_url":"http://www.debian.org/security/2007/dsa-1311","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2007/dsa-1311"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:094","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:094"},{"reference_url":"http://www.postgresql.org/about/news.791","reference_id":"","reference_type":"","scores":[],"url":"http://www.postgresql.org/about/news.791"},{"reference_url":"http://www.postgresql.org/support/security.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.postgresql.org/support/security.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2007-0337.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2007-0337.html"},{"reference_url":"http://www.securityfocus.com/bid/23618","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/23618"},{"reference_url":"http://www.securitytracker.com/id?1017974","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1017974"},{"reference_url":"http://www.trustix.org/errata/2007/0015/","reference_id":"","reference_type":"","scores":[],"url":"http://www.trustix.org/errata/2007/0015/"},{"reference_url":"http://www.ubuntu.com/usn/usn-454-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/usn-454-1"},{"reference_url":"http://www.vupen.com/
english/advisories/2007/1497","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2007/1497"},{"reference_url":"http://www.vupen.com/english/advisories/2007/1549","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2007/1549"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=237682","reference_id":"237682","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=237682"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/resu
lts?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2007-2138","reference_id":"CVE-2007-2138","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-2138"},{"reference_url":"https://security.gentoo.org/glsa/200705-12","reference_id":"GLSA-200705-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200705-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0336","reference_id":"RHSA-2007:0336","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0337","reference_id":"RHSA-2007:0337","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0337"},{"reference_url":"https://usn.ubuntu.com/454-1/","reference_id":"USN-454-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/454-1/"}],"fixed_packages":[],"aliases":["CVE-2007-2138"],"risk_score":2.7,"exploitability":"0.5","weighted_severity":"5.4","resource_url":"http://public2.
vulnerablecode.io/vulnerabilities/VCID-g5yd-z8gh-pbc4"}],"fixing_vulnerabilities":[],"risk_score":"2.7","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/postgresql@7.4.17-1.RHEL4%3Farch=1"}