{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T19:56:20.830","vulnerabilities":[{"cve":{"id":"CVE-2007-2138","sourceIdentifier":"cve@mitre.org","published":"2007-04-24T20:19:00.000","lastModified":"2026-04-23T00:35:47.467","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to \"search_path settings.\""},{"lang":"es","value":"Vulnerabilidad de búsqueda en ruta no confiable en PostgreSQL anterior a 7.3.19, 7.4.x anterior a  7.4.17, 8.0.x anterior a 8.0.13, 8.1.x anterior a 8.1.9, y 8.2.x anterior a 8.2.4 permite a usuarios remotos validados, cuando se permite hacer la llamada a la función SECURITY DEFINER, para ganar los privilegios de la función propietaria, relacionado con \"configuración de search_path\"."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","versionEndExcluding":"7.3.19","matchCriteriaId":"6BF727EC-685A-447E-98AE-3624804E4B5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4","versionEndExcluding":"7.4.17","matchCriteriaId":"45734FD5-793E-45D3-9D27-6DFFAFF51358"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0","versionEndExcluding":"8.0.13","matchCriteriaId":"806CED04-05CA-4D9A-91AE-FD1071BEC34D"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1","versionEndExcluding":"8.1.9","matchCriteriaId":"080EAF40-B674-488F-A420-A0578321A4C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2","versionEndExcluding":"8.2.4","matchCriteriaId":"3BB30658-2400-4CE0-8B70-606FB7505C0E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*","matchCriteriaId":"A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*","matchCriteriaId":"0F92AB32-E7DE-43F4-B877-1F41FA162EC7"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*","matchCriteriaId":"5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*","matchCriteriaId":"23E304C9-F780-4358-A58D-1E4C93977704"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*","matchCriteriaId":"6EBDAFF8-DE44-4E80-B6BD-E341F767F501"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2007-0336.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/24989","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/24999","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/25005","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/25019","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/25037","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/25058","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/25184","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/25238","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/25334","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/25717","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/25720","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/25725","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://security.gentoo.org/glsa/glsa-200705-12.xml","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102894-1","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://support.avaya.com/elmodocs2/security/ASA-2007-190.htm","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2007/dsa-1309","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2007/dsa-1311","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:094","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.postgresql.org/about/news.791","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.postgresql.org/support/security.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.redhat.com/support/errata/RHSA-2007-0337.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/23618","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id?1017974","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.trustix.org/errata/2007/0015/","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://www.ubuntu.com/usn/usn-454-1","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.vupen.com/english/advisories/2007/1497","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.vupen.com/english/advisories/2007/1549","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/33842","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://issues.rpath.com/browse/RPL-1292","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10090","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2007-0336.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/24989","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/24999","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/25005","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/25019","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/25037","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/25058","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/25184","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/25238","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/25334","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/25717","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/25720","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/25725","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://security.gentoo.org/glsa/glsa-200705-12.xml","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102894-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://support.avaya.com/elmodocs2/security/ASA-2007-190.htm","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2007/dsa-1309","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2007/dsa-1311","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:094","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.postgresql.org/about/news.791","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.postgresql.org/support/security.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.redhat.com/support/errata/RHSA-2007-0337.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/23618","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id?1017974","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.trustix.org/errata/2007/0015/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://www.ubuntu.com/usn/usn-454-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.vupen.com/english/advisories/2007/1497","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.vupen.com/english/advisories/2007/1549","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/33842","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://issues.rpath.com/browse/RPL-1292","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10090","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}