Description

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.

Remediation

References

CVE-2014-0062

Related Vulnerabilities

PHP mail function ASCII control character header spoofing vulnerability

WordPress Plugin AdRotate-Ad manager & AdSense Ads 'track' Parameter SQL Injection (3.6.5)

Apache HTTP Server Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2004-0748)

e107 Deserialization of Untrusted Data Vulnerability (CVE-2016-10753)

WordPress Plugin YITH WooCommerce Product Add-Ons Multiple Vulnerabilities (2.0.7)

Severity

Medium

Classification

CVE-2014-0062 CWE-362

Tags

Missing Update Known Vulnerabilities