Vulnerability in packaging (CVE-2016-7048)

Interactive installer downloads software over plain HTTP, then executes it...

Vulnerability in contrib module (CVE-2013-1900)

Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess...

Vulnerability in contrib module (CVE-2014-0066)

Potential null pointer dereference crash when crypt3 returns NULL...

Vulnerability in client (CVE-2018-1058)

Uncontrolled search path element in pgdump and other client applications...

Vulnerability in core server (CVE-2012-2655)

SECURITY DEFINER and SET attributes on procedural call handlers are not ignored and can be used to crash the server...

Vulnerability in contrib module (CVE-2018-1115)

Too-permissive access control list on function pglogfilerotate...

Vulnerability in core server (CVE-2010-3433)

An authenticated database user can manipulate modules and tied variables in some external procedural languages to execute code with enhanced privileges.Details...

Vulnerability in core server (CVE-2014-0064)

Potential buffer overruns due to integer overflow in size calculations...

Vulnerability in contrib module (CVE-2017-12172)

Start scripts permit database administrator to modify root-owned files...

Vulnerability in core server (CVE-2010-1169)

A vulnerability in Safe.pm and PL/Perl can allow an authenticated user to run arbitrary Perl code on the database server if PL/Perl is installed and enabled...

Vulnerability in core server (CVE-2014-0065)

Potential buffer overruns of fixed-size buffers...

Vulnerability in core server (CVE-2017-7546)

empty password accepted in some authentication methods...

Vulnerability in core server (CVE-2010-1975)

An unprivileged database user can remove superuser-only settings that were applied to his account with ALTER USER by a superuser, thus bypassing settings that should be enforced...

Vulnerability in core server (CVE-2013-0255)

executing enumrecv with wrong parameters crashes server...

Vulnerability in core server (CVE-2017-7547)

pgusermappings view discloses passwords to users lacking server privileges...

Vulnerability in client (CVE-2016-5424)

Exceptional database and role names could enable escalation to superuser...

Vulnerability in core server (CVE-2017-7484)

selectivity estimators bypass SELECT privilege checks...

Vulnerability in core server (CVE-2014-0060)

SET ROLE bypasses lack of ADMIN OPTION...

Vulnerability in core server (CVE-2012-0868)

Line breaks in object names can be exploited to execute arbitrary SQL when reloading a pgdump file...

Vulnerability in core server (CVE-2014-0061)

Privilege escalation via calls to validator functions...

Vulnerability in core server (CVE-2012-0867)

SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances when using third party certificate authorities...

Vulnerability in contrib module (CVE-2012-2143)

Passwords containing the byte 0x80 passed to the crypt function in pgcrypto are incorrectly truncated if DES encryption was used...

Vulnerability in core server (CVE-2017-15098)

Memory disclosure in JSON functions...

Vulnerability in client (CVE-2018-1053)

pgupgrade creates file of sensitive metadata under prevailing umask...

Vulnerability in contrib module (CVE-2016-3065)

pageinspect does not check permissions for BRIN indexes...

Vulnerability in core server (CVE-2019-10164)

Stack-based buffer overflow via setting a password An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as th...

Vulnerability in core server (CVE-2014-0062)

Race condition in CREATE INDEX allows for privilege escalation...

Vulnerability in core server (CVE-2014-0063)

Potential buffer overruns in datetime input/output...

Vulnerability in core server (CVE-2016-5423)

Certain nested CASE/WHEN expressions can crash server...

Vulnerability in core server (CVE-2017-15099)

INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges...

Vulnerability in core server (CVE-2012-0866)

Permissions on a function called by a trigger are not properly checked...

Vulnerability in client (CVE-2018-10915)

Certain host connection parameters defeat client-side security defenses...

Vulnerability in core server (CVE-2010-1170)

Insecure permissions on the pltclmodules table could allow an authenticated user to run arbitrary Tcl code on the database server if PL/Tcl is installed and enabled...

Vulnerability in core server (CVE-2012-3489)

xmlparse DTD validation can be used to read arbitrary files...

Vulnerability in contrib module (CVE-2010-4015)

An authenticated database user can cause a buffer overrun by calling functions from the intarray optional module with certain parameters...

Vulnerability in contrib module (CVE-2012-3488)

contrib/xml2's xsltprocess can be used to read and write arbitrary files...

Vulnerability in core server (CVE-2013-1899)

A connection request containing a database name that begins with "-" may be crafted to damage or destroy files within a server's data directory...

Vulnerability in client (CVE-2017-7485)

libpq ignores PGREQUIRESSL environment variable...

Vulnerability in core server (CVE-2015-0242)

Buffer overrun in replacement printf family of functions...

Vulnerability in core server (CVE-2016-2193)

Plan cache might use wrong role context for RLS policy...

Vulnerability in contrib module (CVE-2015-5288)

Memory leak in crypt function...

Vulnerability in core server (CVE-2018-10925)

Memory disclosure and missing authorization in INSERT ... ON CONFLICT DO UPDATE...

Vulnerability in core server (CVE-2017-7486)

pgusermappings view discloses foreign server passwords...

Vulnerability in other (CVE-2014-0067)

Unauthenticated users may gain access to the database server during "make check"...

Vulnerability in core server (CVE-2015-3165)

Double "free" after authentication timeout...

Vulnerability in core server (CVE-2016-0773)

Unchecked regex can crash the server...

Vulnerability in core server (CVE-2015-5289)

Unchecked JSON input can crash the server...

Vulnerability in core server (CVE-2018-1052)

Memory disclosure in table partitioning...

Vulnerability in core server (CVE-2017-7548)

loput function ignores ACLs...

Vulnerability in core server (CVE-2018-16850)

SQL injection in pgupgrade and pgdump, via CREATE TRIGGER ... REFERENCING...