Lucene search

[email protected]NVD:CVE-2014-0061

HistoryMar 31, 2014 - 2:58 p.m.

CVE-2014-0061

2014-03-3114:58:15

CWE-264

[email protected]

web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

9.1 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.0%

JSON

The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.

Affected configurations

NVD

Node

postgresqlpostgresqlRange≤8.4.19

postgresqlpostgresqlMatch8.4.1

postgresqlpostgresqlMatch8.4.2

postgresqlpostgresqlMatch8.4.3

postgresqlpostgresqlMatch8.4.4

postgresqlpostgresqlMatch8.4.5

postgresqlpostgresqlMatch8.4.6

postgresqlpostgresqlMatch8.4.7

postgresqlpostgresqlMatch8.4.8

postgresqlpostgresqlMatch8.4.9

postgresqlpostgresqlMatch8.4.10

postgresqlpostgresqlMatch8.4.11

postgresqlpostgresqlMatch8.4.12

postgresqlpostgresqlMatch8.4.13

postgresqlpostgresqlMatch8.4.14

postgresqlpostgresqlMatch8.4.15

postgresqlpostgresqlMatch8.4.16

postgresqlpostgresqlMatch8.4.17

postgresqlpostgresqlMatch8.4.18

postgresqlpostgresqlMatch9.0

postgresqlpostgresqlMatch9.0.1

postgresqlpostgresqlMatch9.0.2

postgresqlpostgresqlMatch9.0.3

postgresqlpostgresqlMatch9.0.4

postgresqlpostgresqlMatch9.0.5

postgresqlpostgresqlMatch9.0.6

postgresqlpostgresqlMatch9.0.7

postgresqlpostgresqlMatch9.0.8

postgresqlpostgresqlMatch9.0.9

postgresqlpostgresqlMatch9.0.10

postgresqlpostgresqlMatch9.0.11

postgresqlpostgresqlMatch9.0.12

postgresqlpostgresqlMatch9.0.13

postgresqlpostgresqlMatch9.0.14

postgresqlpostgresqlMatch9.0.15

postgresqlpostgresqlMatch9.1

postgresqlpostgresqlMatch9.1.1

postgresqlpostgresqlMatch9.1.2

postgresqlpostgresqlMatch9.1.3

postgresqlpostgresqlMatch9.1.4

postgresqlpostgresqlMatch9.1.5

postgresqlpostgresqlMatch9.1.6

postgresqlpostgresqlMatch9.1.7

postgresqlpostgresqlMatch9.1.8

postgresqlpostgresqlMatch9.1.9

postgresqlpostgresqlMatch9.1.10

postgresqlpostgresqlMatch9.1.11

postgresqlpostgresqlMatch9.2

postgresqlpostgresqlMatch9.2.1

postgresqlpostgresqlMatch9.2.2

postgresqlpostgresqlMatch9.2.3

postgresqlpostgresqlMatch9.2.4

postgresqlpostgresqlMatch9.2.5

postgresqlpostgresqlMatch9.2.6

postgresqlpostgresqlMatch9.3

postgresqlpostgresqlMatch9.3.1

postgresqlpostgresqlMatch9.3.2

References

archives.neohapsis.com/archives/bugtraq/2014-10/0103.html

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

lists.opensuse.org/opensuse-updates/2014-03/msg00018.html

lists.opensuse.org/opensuse-updates/2014-03/msg00038.html

rhn.redhat.com/errata/RHSA-2014-0211.html

rhn.redhat.com/errata/RHSA-2014-0221.html

rhn.redhat.com/errata/RHSA-2014-0249.html

rhn.redhat.com/errata/RHSA-2014-0469.html

secunia.com/advisories/61307

support.apple.com/kb/HT6448

wiki.postgresql.org/wiki/20140220securityrelease

www.debian.org/security/2014/dsa-2864

www.debian.org/security/2014/dsa-2865

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.postgresql.org/about/news/1506/

www.ubuntu.com/usn/USN-2120-1

support.apple.com/kb/HT6536

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

9.1 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.0%

JSON

Related for NVD:CVE-2014-0061

cve1 debiancve1 prion1 cvelist1 ubuntucve1 postgresql1 huawei1 centos3 oraclelinux2 kaspersky1 veracode3 nessus24 openvas26 amazon2 redhat4 securityvulns6 ubuntu1 seebug1 debian2 osv2 mageia2 freebsd1 gentoo1 oracle1