Lucene search
K
PostgresqlMost viewed

149 matches found

PostrgeSql
PostrgeSql
•added 2016/10/27 12:0 a.m.•1023 views

Vulnerability in packaging (CVE-2016-7048)

Interactive installer downloads software over plain HTTP, then executes it...

9.3CVSS8AI score0.04915EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2013/04/04 5:0 p.m.•752 views

Vulnerability in contrib module (CVE-2013-1900)

Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess...

8.5CVSS7.8AI score0.04511EPSS
Exploits0Affected Software1
PostrgeSql
PostrgeSql
•added 2018/03/01 12:0 a.m.•693 views

Vulnerability in client (CVE-2018-1058)

Uncontrolled search path element in pgdump and other client applications...

8.8CVSS7.7AI score0.14142EPSS
Exploits1References1Affected Software1
PostrgeSql
PostrgeSql
•added 2014/03/28 5:0 p.m.•692 views

Vulnerability in contrib module (CVE-2014-0066)

Potential null pointer dereference crash when crypt3 returns NULL...

4CVSS6.3AI score0.04682EPSS
Exploits2Affected Software1
PostrgeSql
PostrgeSql
•added 2018/05/10 12:0 a.m.•677 views

Vulnerability in contrib module (CVE-2018-1115)

Too-permissive access control list on function pglogfilerotate...

9.1CVSS6.5AI score0.04042EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2012/07/18 11:0 p.m.•674 views

Vulnerability in core server (CVE-2012-2655)

SECURITY DEFINER and SET attributes on procedural call handlers are not ignored and can be used to crash the server...

4CVSS6.5AI score0.0293EPSS
Exploits1Affected Software1
PostrgeSql
PostrgeSql
•added 2010/10/06 4:0 p.m.•660 views

Vulnerability in core server (CVE-2010-3433)

An authenticated database user can manipulate modules and tied variables in some external procedural languages to execute code with enhanced privileges.Details...

6CVSS8.9AI score0.03331EPSS
Exploits0Affected Software1
PostrgeSql
PostrgeSql
•added 2017/11/09 12:0 a.m.•656 views

Vulnerability in contrib module (CVE-2017-12172)

Start scripts permit database administrator to modify root-owned files...

7.2CVSS5.9AI score0.00586EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2014/03/28 5:0 p.m.•656 views

Vulnerability in core server (CVE-2014-0064)

Potential buffer overruns due to integer overflow in size calculations...

6.5CVSS6.7AI score0.05353EPSS
Exploits1Affected Software1
PostrgeSql
PostrgeSql
•added 2010/05/19 6:13 p.m.•651 views

Vulnerability in core server (CVE-2010-1169)

A vulnerability in Safe.pm and PL/Perl can allow an authenticated user to run arbitrary Perl code on the database server if PL/Perl is installed and enabled...

8.5CVSS8.8AI score0.04081EPSS
Exploits1Affected Software1
PostrgeSql
PostrgeSql
•added 2014/03/28 5:0 p.m.•640 views

Vulnerability in core server (CVE-2014-0065)

Potential buffer overruns of fixed-size buffers...

6.5CVSS6.5AI score0.05046EPSS
Exploits1Affected Software1
PostrgeSql
PostrgeSql
•added 2017/08/10 12:0 a.m.•633 views

Vulnerability in core server (CVE-2017-7546)

empty password accepted in some authentication methods...

9.8CVSS8.8AI score0.61566EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2013/02/13 1:0 a.m.•626 views

Vulnerability in core server (CVE-2013-0255)

executing enumrecv with wrong parameters crashes server...

6.8CVSS7.8AI score0.03592EPSS
Exploits0Affected Software1
PostrgeSql
PostrgeSql
•added 2010/05/19 6:13 p.m.•626 views

Vulnerability in core server (CVE-2010-1975)

An unprivileged database user can remove superuser-only settings that were applied to his account with ALTER USER by a superuser, thus bypassing settings that should be enforced...

5.5CVSS5.8AI score0.02658EPSS
Exploits1Affected Software1
PostrgeSql
PostrgeSql
•added 2017/08/10 12:0 a.m.•623 views

Vulnerability in core server (CVE-2017-7547)

pgusermappings view discloses passwords to users lacking server privileges...

8.8CVSS8AI score0.05581EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2017/05/11 12:0 a.m.•620 views

Vulnerability in core server (CVE-2017-7484)

selectivity estimators bypass SELECT privilege checks...

7.5CVSS7.6AI score0.0256EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2016/08/11 12:0 a.m.•620 views

Vulnerability in client (CVE-2016-5424)

Exceptional database and role names could enable escalation to superuser...

7.1CVSS7.4AI score0.04612EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2014/03/28 5:0 p.m.•616 views

Vulnerability in core server (CVE-2014-0060)

SET ROLE bypasses lack of ADMIN OPTION...

4CVSS6.4AI score0.04124EPSS
Exploits2Affected Software1
PostrgeSql
PostrgeSql
•added 2017/11/09 12:0 a.m.•612 views

Vulnerability in core server (CVE-2017-15098)

Memory disclosure in JSON functions...

8.1CVSS7.5AI score0.03723EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2014/03/28 5:0 p.m.•612 views

Vulnerability in core server (CVE-2014-0061)

Privilege escalation via calls to validator functions...

6.5CVSS6.5AI score0.0493EPSS
Exploits1Affected Software1
PostrgeSql
PostrgeSql
•added 2018/02/08 12:0 a.m.•611 views

Vulnerability in client (CVE-2018-1053)

pgupgrade creates file of sensitive metadata under prevailing umask...

7CVSS6.9AI score0.00491EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2012/07/18 11:0 p.m.•611 views

Vulnerability in core server (CVE-2012-0867)

SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances when using third party certificate authorities...

4.3CVSS6.5AI score0.02336EPSS
Exploits1Affected Software1
PostrgeSql
PostrgeSql
•added 2012/07/18 11:0 p.m.•611 views

Vulnerability in core server (CVE-2012-0868)

Line breaks in object names can be exploited to execute arbitrary SQL when reloading a pgdump file...

6.8CVSS7AI score0.0257EPSS
Exploits1Affected Software1
PostrgeSql
PostrgeSql
•added 2019/06/20 12:0 a.m.•609 views

Vulnerability in core server (CVE-2019-10164)

Stack-based buffer overflow via setting a password An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as th...

9CVSS8.6AI score0.03711EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2012/07/05 2:0 p.m.•609 views

Vulnerability in contrib module (CVE-2012-2143)

Passwords containing the byte 0x80 passed to the crypt function in pgcrypto are incorrectly truncated if DES encryption was used...

4.3CVSS8AI score0.05734EPSS
Exploits0Affected Software1
PostrgeSql
PostrgeSql
•added 2016/03/31 12:0 a.m.•607 views

Vulnerability in contrib module (CVE-2016-3065)

pageinspect does not check permissions for BRIN indexes...

9.1CVSS9.2AI score0.03347EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2014/03/28 5:0 p.m.•605 views

Vulnerability in core server (CVE-2014-0062)

Race condition in CREATE INDEX allows for privilege escalation...

4.9CVSS6.4AI score0.03029EPSS
Exploits2Affected Software1
PostrgeSql
PostrgeSql
•added 2014/03/28 5:0 p.m.•601 views

Vulnerability in core server (CVE-2014-0063)

Potential buffer overruns in datetime input/output...

6.5CVSS6.5AI score0.06666EPSS
Exploits2Affected Software1
PostrgeSql
PostrgeSql
•added 2018/08/09 12:0 a.m.•600 views

Vulnerability in client (CVE-2018-10915)

Certain host connection parameters defeat client-side security defenses...

8.5CVSS7.3AI score0.05154EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2017/11/09 12:0 a.m.•600 views

Vulnerability in core server (CVE-2017-15099)

INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges...

6.5CVSS6.9AI score0.06324EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2016/08/11 12:0 a.m.•598 views

Vulnerability in core server (CVE-2016-5423)

Certain nested CASE/WHEN expressions can crash server...

8.3CVSS8.2AI score0.05962EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2012/07/18 11:0 p.m.•596 views

Vulnerability in core server (CVE-2012-0866)

Permissions on a function called by a trigger are not properly checked...

6.5CVSS6.6AI score0.03625EPSS
Exploits1Affected Software1
PostrgeSql
PostrgeSql
•added 2010/05/19 6:13 p.m.•592 views

Vulnerability in core server (CVE-2010-1170)

Insecure permissions on the pltclmodules table could allow an authenticated user to run arbitrary Tcl code on the database server if PL/Tcl is installed and enabled...

6CVSS8.9AI score0.02888EPSS
Exploits1Affected Software1
PostrgeSql
PostrgeSql
•added 2012/10/03 9:0 p.m.•589 views

Vulnerability in core server (CVE-2012-3489)

xmlparse DTD validation can be used to read arbitrary files...

6.5CVSS6.5AI score0.03057EPSS
Exploits1Affected Software1
PostrgeSql
PostrgeSql
•added 2011/02/02 12:0 a.m.•586 views

Vulnerability in contrib module (CVE-2010-4015)

An authenticated database user can cause a buffer overrun by calling functions from the intarray optional module with certain parameters...

6.5CVSS7.9AI score0.04621EPSS
Exploits0Affected Software1
PostrgeSql
PostrgeSql
•added 2012/10/03 9:0 p.m.•585 views

Vulnerability in contrib module (CVE-2012-3488)

contrib/xml2's xsltprocess can be used to read and write arbitrary files...

4.9CVSS6.6AI score0.03297EPSS
Exploits1Affected Software1
PostrgeSql
PostrgeSql
•added 2013/04/04 5:0 p.m.•582 views

Vulnerability in core server (CVE-2013-1899)

A connection request containing a database name that begins with "-" may be crafted to damage or destroy files within a server's data directory...

6.5CVSS7.6AI score0.54312EPSS
Exploits3Affected Software1
PostrgeSql
PostrgeSql
•added 2017/05/11 12:0 a.m.•577 views

Vulnerability in client (CVE-2017-7485)

libpq ignores PGREQUIRESSL environment variable...

5.9CVSS6.4AI score0.02042EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2018/08/09 12:0 a.m.•575 views

Vulnerability in core server (CVE-2018-10925)

Memory disclosure and missing authorization in INSERT ... ON CONFLICT DO UPDATE...

8.1CVSS7.3AI score0.02241EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2015/02/05 12:0 a.m.•575 views

Vulnerability in core server (CVE-2015-0242)

Buffer overrun in replacement printf family of functions...

8.8CVSS9.1AI score0.05136EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2016/03/31 12:0 a.m.•572 views

Vulnerability in core server (CVE-2016-2193)

Plan cache might use wrong role context for RLS policy...

7.5CVSS7AI score0.01807EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2015/10/08 12:0 a.m.•573 views

Vulnerability in contrib module (CVE-2015-5288)

Memory leak in crypt function...

6.4CVSS7.9AI score0.04532EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2017/05/11 12:0 a.m.•571 views

Vulnerability in core server (CVE-2017-7486)

pgusermappings view discloses foreign server passwords...

7.5CVSS7.5AI score0.06331EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2016/02/11 12:0 a.m.•569 views

Vulnerability in core server (CVE-2016-0773)

Unchecked regex can crash the server...

7.5CVSS7.6AI score0.06948EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2015/05/22 12:0 a.m.•569 views

Vulnerability in core server (CVE-2015-3165)

Double "free" after authentication timeout...

4.3CVSS9.5AI score0.08565EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2014/03/28 5:0 p.m.•569 views

Vulnerability in other (CVE-2014-0067)

Unauthenticated users may gain access to the database server during "make check"...

4.6CVSS9.1AI score0.00484EPSS
Exploits1Affected Software1
PostrgeSql
PostrgeSql
•added 2018/02/08 12:0 a.m.•567 views

Vulnerability in core server (CVE-2018-1052)

Memory disclosure in table partitioning...

6.5CVSS6.4AI score0.01826EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2015/10/08 12:0 a.m.•567 views

Vulnerability in core server (CVE-2015-5289)

Unchecked JSON input can crash the server...

6.4CVSS8.5AI score0.05045EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2018/11/08 12:0 a.m.•565 views

Vulnerability in core server (CVE-2018-16850)

SQL injection in pgupgrade and pgdump, via CREATE TRIGGER ... REFERENCING...

9.8CVSS9.1AI score0.0515EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
•added 2017/11/09 12:0 a.m.•563 views

Vulnerability in core server (CVE-2017-7548)

loput function ignores ACLs...

7.5CVSS7.5AI score0.03517EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities149