Description

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.

Remediation

References

CVE-2014-0062

Related Vulnerabilities

WordPress Plugin Site Offline Or Coming Soon Or Maintenance Mode Cross-Site Request Forgery (1.4.3)

Jboss EAP Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2022-0853)

WordPress 4.4.x Cross-Domain Flash Injection Vulnerability (4.4 - 4.4.13)

WordPress Plugin Page Generator Cross-Site Scripting (1.5.8)

SharePoint CVE-2020-16950 Vulnerability (CVE-2020-16950)

Severity

Medium

Classification

CVE-2014-0062 CWE-362

Tags

Missing Update Known Vulnerabilities