558 matches found
CVE-2019-10211
PostgreSQL Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory...
CVE-2019-10210
PostgreSQL Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file...
CVE-2019-10209
PostgreSQL, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan...
CVE-2019-10211
CVE-2019-10211 affects PostgreSQL Windows installers prior to 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24. Root cause: bundled OpenSSL (libeay32.dll) loads configuration from a hardcoded directory during SSL initialization, enabling a local attacker to execute arbitrary code with the calling process’s pr...
ALPINE-CVE-2019-10164
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the...
USN-4027-1 postgresql-10, postgresql-11 vulnerability
Alexander Lakhin discovered that PostgreSQL incorrectly handled authentication. An authenticated attacker or a rogue server could use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases...
The vulnerability of the PostgreSQL database management system, related to deficiencies in access control, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the PostgreSQL database management system is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
CVE-2019-10129
A vulnerability was found in PostgreSQL versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. Exploit prerequisites...
PT-2019-11636 · PostgreSQL Global Development Group · PostgreSQL
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 11.5; PostgreSQL versions prior to 10.10; PostgreSQL versions prior to 9.6.15; PostgreSQL versions prior to 9.5.19; PostgreSQL versions prior to 9.4.24. Description: The issue allows a superuser to write a password to ...
Vulnerability fixed in PostgreSQL
Because of a vulnerability in PostgreSQL, a malicious person with DB-admin privileges can obtain the rights with which the server is running. Exploit code has been released for this vulnerability. Currently, there is no update or patch available. You can mitigate abuse of this...
PT-2019-19427
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 9.3 through 11.2. Description: The issue allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user through the "COPY TO/FROM PROGRAM"...
Denial Of Service (DoS)
rh-postgresql96-postgresql is vulnerable to denial of service (DoS) attacks. The vulnerability exists as invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can...
The vulnerability of the PostgreSQL database management system in the Astra Linux operating system allows a perpetrator to gain access to confidential data and cause service interruptions.
The vulnerability of the PostgreSQL database management system in the Astra Linux operating system is related to an error in the interaction with LDAP via parsec calls when retrieving user security attributes. Exploiting this vulnerability allows a malicious actor to gain access to information...
UBUNTU-CVE-2018-16850
PostgreSQL before versions 11.1, 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...
postgresql: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges
INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE...
CVE-2016-7048
The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software...
CVE-2018-10925
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes of server...
GHSA-WC9V-MJ63-M9G5 Remote Code Execution in pg
Affected versions of pg contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. There are two specific scenarios in which it is likely for an application to be vulnerable: 1. The application executes unsafe, user-supplied sql...
Security Bulletin: IBM Security Access Manager version 9 is affected by a vulnerability in PostgreSQL (CVE-2015-5288)
Summary: A vulnerability in PostgreSQL affects IBM Security Access Manager version 9. Vulnerability Details: CVEID: CVE-2015-5288 DESCRIPTION: PostgreSQL could allow a remote attacker to obtain sensitive information, caused by an error in the crypt function included with the optional pgCrypto...
Ubuntu 14.04 LTS / 16.04 LTS : PostgreSQL vulnerability (USN-3589-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3589-1 advisory. It was discovered that PostgreSQL incorrectly handled certain settings. An attacker could possibly use this issue to execute arbitrary code. Tenable h...