
149 matches found

PostgreSQL · added 2020/11/12 · 166 views

Vulnerability in client (CVE-2020-25694)

Reconnection can downgrade connection security settings. Many PostgreSQL-provided client applications have options that create additional database connections. Some of those applications reuse only the basic connection parameters (e.g. host, user, port), dropping others. If this drops a...

CVSS 8.1 · AI score 6.9 · EPSS 0.01574
Exploits: 0 · References: 1 · Affected software: 1
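A practitioner-side check for the downgrade described above (and for the client-side TLS weaknesses listed further down this page, CVE-2018-10915 and CVE-2017-7485): verify the session you actually end up in rather than trusting the sslmode you passed to the first connection. This is an added example, not part of the advisory or of PostgreSQL's own tooling. It assumes a server built with SSL support; pg_stat_ssl, pg_stat_activity and pg_backend_pid() are standard catalog objects (backend_type in step 3 exists from PostgreSQL 10 on).

```sql
-- Added example (not from the advisory). Run it after any operation that opens
-- a new connection on your behalf (psql \c, pg_dump --jobs, pg_upgrade, ...).

-- 1. Inspect the current backend's TLS state. ssl = false means cleartext.
SELECT s.pid, s.ssl, s.version, s.cipher, s.bits
FROM pg_stat_ssl AS s
WHERE s.pid = pg_backend_pid();

-- 2. Fail hard in scripts: abort instead of silently continuing in cleartext.
DO $$
BEGIN
  IF NOT EXISTS (
        SELECT 1
        FROM pg_stat_ssl
        WHERE pid = pg_backend_pid() AND ssl
     ) THEN
    RAISE EXCEPTION
      'backend % is not using TLS; reconnect with sslmode=verify-full',
      pg_backend_pid();
  END IF;
END
$$;

-- 3. Server side: list every connected client session that is not encrypted,
--    which is where a downgraded reconnection from a client tool shows up.
SELECT a.pid, a.usename, a.client_addr, a.application_name
FROM pg_stat_activity AS a
JOIN pg_stat_ssl AS s ON s.pid = a.pid
WHERE NOT s.ssl
  AND a.backend_type = 'client backend';
```

Caveat: pg_stat_ssl only tells you that the link is encrypted, not that the client verified the server's certificate. Set sslmode=verify-full and sslrootcert in the connection string, or PGSSLMODE and PGSSLROOTCERT in the environment, so that every connection a client tool opens inherits them.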
PostgreSQL · added 2020/08/13 · 71 views

Vulnerability in core server (CVE-2020-14349)

Uncontrolled search path element in logical replication. The PostgreSQL search_path setting determines the schemas searched for tables, functions, operators, etc. The CVE-2018-1058 fix caused most PostgreSQL-provided client applications to sanitize search_path, but logical replication continued to leave...

CVSS 7.1 · AI score 7.8 · EPSS 0.02235
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2020/08/13 · 99 views

Vulnerability in core server (CVE-2020-14350)

Uncontrolled search path element in CREATE EXTENSION. When a superuser runs certain CREATE EXTENSION statements, users may be able to execute arbitrary SQL functions under the identity of that superuser. The attacker must have permission to create objects in the new extension's schema or a schema ...

CVSS 7.3 · AI score 7.8 · EPSS 0.00532
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2020/05/14 · 85 views

Vulnerability in packaging (CVE-2020-10733)

Windows installer runs executables from uncontrolled directories. The Windows installer for PostgreSQL invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intend...

CVSS 7.3 · AI score 7.3 · EPSS 0.0053
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2020/02/13 · 122 views

Vulnerability in core server (CVE-2020-1720)

ALTER ... DEPENDS ON EXTENSION is missing authorization checks. The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is...

CVSS 6.5 · AI score 6 · EPSS 0.01188
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2020/01/27 3:29 p.m. · 54 views

Vulnerability in core server (CVE-2014-8161)

Constraint violation errors can cause display of values in columns which the user would not normally have rights to see...

CVSS 4.3 · AI score 6.6 · EPSS 0.0251
Exploits: 0 · Affected software: 1
PostgreSQL · added 2019/12/04 · 151 views

Vulnerability in packaging (CVE-2019-3466)

pg_ctlcluster script in postgresql-common does not drop privileges when creating socket/statistics temporary directories. A PostgreSQL superuser could escalate to root using a deficiency in the pg_ctlcluster command. pg_ctlcluster is a utility provided by the "postgresql-common" package that is...

CVSS 7.8 · AI score 7.7 · EPSS 0.00499
Exploits: 1 · References: 1 · Affected software: 1
PostgreSQL · added 2019/08/08 · 422 views

Vulnerability in packaging (CVE-2019-10211)

Windows installer bundled OpenSSL executes code from unprotected directory. When the database server or libpq client library initializes SSL, libeay32.dll attempts to read configuration from a hard-coded directory. Typically, the directory does not exist, but any local user could create it and...

CVSS 9.8 · AI score 8.6 · EPSS 0.01866
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2019/08/08 · 106 views

Vulnerability in core server (CVE-2019-10209)

Memory disclosure in cross-type comparison for hashed subplan. In a database containing hypothetical, user-defined hash equality operators, an attacker could read arbitrary bytes of server memory. For an attack to become possible, a superuser would need to create unusual operators. It is possible...

CVSS 3.5 · AI score 5.8 · EPSS 0.01079
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2019/08/08 · 97 views

Vulnerability in core server (CVE-2019-10208)

TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution. Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call havi...

CVSS 8.8 · AI score 8.5 · EPSS 0.0217
Exploits: 0 · References: 1 · Affected software: 1
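The three search_path advisories above (CVE-2020-14349, CVE-2020-14350 and CVE-2019-10208) share one root cause: SQL that runs under a more privileged identity resolves unqualified names through a search_path the attacker can influence, whether via logical replication, a CREATE EXTENSION script, or a pg_temp object created before a SECURITY DEFINER call. The following is an added example, not the advisories' or PostgreSQL's own code; the app schema, app.accounts, app.get_balance and the app_reader role are hypothetical names. It first audits existing SECURITY DEFINER functions that do not pin search_path, then shows the hardened definition and the schema privileges around it.

```sql
-- Added example (not from the advisories). Everything under the "app" schema
-- and the app_reader role are hypothetical.

-- 1. Audit: SECURITY DEFINER functions whose proconfig does not pin search_path.
--    Each of these resolves unqualified names at call time, so a caller who can
--    create objects earlier in the path (including pg_temp) can hijack them.
SELECT n.nspname AS schema,
       p.proname AS function,
       pg_get_userbyid(p.proowner) AS owner
FROM pg_proc AS p
JOIN pg_namespace AS n ON n.oid = p.pronamespace
WHERE p.prosecdef
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND NOT EXISTS (
        SELECT 1
        FROM unnest(coalesce(p.proconfig, '{}'::text[])) AS cfg
        WHERE cfg LIKE 'search_path=%'
      )
ORDER BY 1, 2;

-- 2. Hardened definition. search_path is fixed for the duration of the call and
--    pg_temp is listed last, so temporary objects cannot shadow pg_catalog;
--    every other object the body touches is schema-qualified.
CREATE SCHEMA IF NOT EXISTS app;
CREATE TABLE IF NOT EXISTS app.accounts (
  id      integer PRIMARY KEY,
  balance numeric NOT NULL
);

CREATE OR REPLACE FUNCTION app.get_balance(acct integer) RETURNS numeric
LANGUAGE sql
SECURITY DEFINER
SET search_path = pg_catalog, pg_temp
AS $$
  SELECT balance FROM app.accounts WHERE id = acct
$$;

-- 3. Least privilege around it: only the intended role may call it, and
--    ordinary users lose the ability to plant objects in public, the schema a
--    default search_path and extension scripts resolve through.
REVOKE EXECUTE ON FUNCTION app.get_balance(integer) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION app.get_balance(integer) TO app_reader;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
```

Re-run the audit query after each deployment; a SECURITY DEFINER function that shows up there is the precondition every one of these advisories starts from, whatever the server version.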
PostgreSQL · added 2019/08/08 · 136 views

Vulnerability in packaging (CVE-2019-10210)

Windows installer writes superuser password to unprotected temporary file. The EnterpriseDB Windows installer writes a password to a temporary file in its installation directory, creates initial databases, and deletes the file. During those seconds while the file exists, a local attacker can read...

CVSS 7 · AI score 6.5 · EPSS 0.00385
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2019/06/20 · 599 views

Vulnerability in core server (CVE-2019-10164)

Stack-based buffer overflow via setting a password. An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as th...

CVSS 9 · AI score 8.6 · EPSS 0.03711
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2019/05/09 · 91 views

Vulnerability in packaging (CVE-2019-10128)

EnterpriseDB Windows installer does not clear permissive ACL entries. Due to both the EnterpriseDB and BigSQL Windows installers not locking down the permissions of the PostgreSQL binary installation directory and the data directory, an unprivileged Windows user account and an unprivileged...

CVSS 7.8 · AI score 8.1 · EPSS 0.00428
Exploits: 1 · References: 1 · Affected software: 1
PostgreSQL · added 2019/05/09 · 85 views

Vulnerability in core server (CVE-2019-10130)

Selectivity estimators bypass row security policies. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user able to execute SQL queries with permissions to read a given column could...

CVSS 4.3 · AI score 6.6 · EPSS 0.01085
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2019/05/09 · 83 views

Vulnerability in packaging (CVE-2019-10127)

BigSQL Windows installer does not clear permissive ACL entries. Due to both the EnterpriseDB and BigSQL Windows installers not locking down the permissions of the PostgreSQL binary installation directory and the data directory, an unprivileged Windows user account and an unprivileged PostgreSQL...

CVSS 8.8 · AI score 8.9 · EPSS 0.00315
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2019/05/09 · 60 views

Vulnerability in core server (CVE-2019-10129)

Memory disclosure in partition routing. Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table...

CVSS 6.5 · AI score 6.4 · EPSS 0.01633
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2018/11/08 · 551 views

Vulnerability in core server (CVE-2018-16850)

SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER ... REFERENCING...

CVSS 9.8 · AI score 9.1 · EPSS 0.0515
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2018/08/09 · 564 views

Vulnerability in core server (CVE-2018-10925)

Memory disclosure and missing authorization in INSERT ... ON CONFLICT DO UPDATE...

CVSS 8.1 · AI score 7.3 · EPSS 0.02241
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2018/08/09 · 589 views

Vulnerability in client (CVE-2018-10915)

Certain host connection parameters defeat client-side security defenses...

CVSS 8.5 · AI score 7.3 · EPSS 0.05154
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2018/05/10 · 667 views

Vulnerability in contrib module (CVE-2018-1115)

Too-permissive access control list on function pg_logfile_rotate...

CVSS 9.1 · AI score 6.5 · EPSS 0.04042
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2018/03/01 · 682 views

Vulnerability in client (CVE-2018-1058)

Uncontrolled search path element in pg_dump and other client applications...

CVSS 8.8 · AI score 7.7 · EPSS 0.14142
Exploits: 1 · References: 1 · Affected software: 1
PostgreSQL · added 2018/02/08 · 557 views

Vulnerability in core server (CVE-2018-1052)

Memory disclosure in table partitioning...

CVSS 6.5 · AI score 6.4 · EPSS 0.01826
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2018/02/08 · 600 views

Vulnerability in client (CVE-2018-1053)

pg_upgrade creates file of sensitive metadata under prevailing umask...

CVSS 7 · AI score 6.9 · EPSS 0.00491
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2017/11/09 · 601 views

Vulnerability in core server (CVE-2017-15098)

Memory disclosure in JSON functions...

CVSS 8.1 · AI score 7.5 · EPSS 0.03723
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2017/11/09 · 556 views

Vulnerability in core server (CVE-2017-7548)

lo_put function ignores ACLs...

CVSS 7.5 · AI score 7.5 · EPSS 0.03517
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2017/11/09 · 590 views

Vulnerability in core server (CVE-2017-15099)

INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges...

CVSS 6.5 · AI score 6.9 · EPSS 0.06324
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2017/11/09 · 645 views

Vulnerability in contrib module (CVE-2017-12172)

Start scripts permit database administrator to modify root-owned files...

CVSS 7.2 · AI score 5.9 · EPSS 0.00586
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2017/08/10 · 616 views

Vulnerability in core server (CVE-2017-7547)

pg_user_mappings view discloses passwords to users lacking server privileges...

CVSS 8.8 · AI score 8 · EPSS 0.05581
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2017/08/10 · 625 views

Vulnerability in core server (CVE-2017-7546)

Empty password accepted in some authentication methods...

CVSS 9.8 · AI score 8.8 · EPSS 0.61566
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2017/05/11 · 564 views

Vulnerability in core server (CVE-2017-7486)

pg_user_mappings view discloses foreign server passwords...

CVSS 7.5 · AI score 7.5 · EPSS 0.06331
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2017/05/11 · 612 views

Vulnerability in core server (CVE-2017-7484)

Selectivity estimators bypass SELECT privilege checks...

CVSS 7.5 · AI score 7.6 · EPSS 0.0256
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2017/05/11 · 570 views

Vulnerability in client (CVE-2017-7485)

libpq ignores PGREQUIRESSL environment variable...

CVSS 5.9 · AI score 6.4 · EPSS 0.02042
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2016/10/27 · 1013 views

Vulnerability in packaging (CVE-2016-7048)

Interactive installer downloads software over plain HTTP, then executes it...

CVSS 9.3 · AI score 8 · EPSS 0.04915
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2016/08/11 · 614 views

Vulnerability in client (CVE-2016-5424)

Exceptional database and role names could enable escalation to superuser...

CVSS 7.1 · AI score 7.4 · EPSS 0.0465
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2016/08/11 · 591 views

Vulnerability in core server (CVE-2016-5423)

Certain nested CASE/WHEN expressions can crash server...

CVSS 8.3 · AI score 8.2 · EPSS 0.06011
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2016/03/31 · 565 views

Vulnerability in core server (CVE-2016-2193)

Plan cache might use wrong role context for RLS policy...

CVSS 7.5 · AI score 7 · EPSS 0.01807
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2016/03/31 · 600 views

Vulnerability in contrib module (CVE-2016-3065)

pageinspect does not check permissions for BRIN indexes...

CVSS 9.1 · AI score 9.2 · EPSS 0.03347
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2016/02/11 · 560 views

Vulnerability in core server (CVE-2016-0773)

Unchecked regex can crash the server...

CVSS 7.5 · AI score 7.6 · EPSS 0.07005
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2015/10/08 · 567 views

Vulnerability in contrib module (CVE-2015-5288)

Memory leak in crypt function...

CVSS 6.4 · AI score 7.9 · EPSS 0.0457
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2015/10/08 · 561 views

Vulnerability in core server (CVE-2015-5289)

Unchecked JSON input can crash the server...

CVSS 6.4 · AI score 8.5 · EPSS 0.05045
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2015/05/22 · 80 views

Vulnerability in contrib module (CVE-2015-3167)

pgcrypto has multiple error messages for decryption with an incorrect key...

CVSS 7.5 · AI score 8.5 · EPSS 0.03965
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2015/05/22 · 561 views

Vulnerability in core server (CVE-2015-3165)

Double "free" after authentication timeout...

CVSS 4.3 · AI score 9.5 · EPSS 0.08565
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2015/05/22 · 103 views

Vulnerability in core server (CVE-2015-3166)

Unanticipated errors from the standard library...

CVSS 9.8 · AI score 9.4 · EPSS 0.04649
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2015/02/05 · 70 views

Vulnerability in core server (CVE-2015-0241)

Buffer overruns in "to_char" functions...

CVSS 8.8 · AI score 9.1 · EPSS 0.05533
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2015/02/05 · 67 views

Vulnerability in core server (CVE-2015-0244)

An error in extended protocol message reading...

CVSS 9.8 · AI score 9.1 · EPSS 0.04193
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2015/02/05 · 44 views

Vulnerability in contrib module (CVE-2015-0243)

Memory errors in functions in the pgcrypto extension...

CVSS 8.8 · AI score 9.2 · EPSS 0.05124
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2015/02/05 · 568 views

Vulnerability in core server (CVE-2015-0242)

Buffer overrun in replacement printf family of functions...

CVSS 8.8 · AI score 9.1 · EPSS 0.05072
Exploits: 0 · References: 1 · Affected software: 1
PostgreSQL · added 2014/03/28 5:00 p.m. · 609 views

Vulnerability in core server (CVE-2014-0060)

SET ROLE bypasses lack of ADMIN OPTION...

CVSS 4 · AI score 6.4 · EPSS 0.04124
Exploits: 2 · Affected software: 1
PostgreSQL · added 2014/03/28 5:00 p.m. · 634 views

Vulnerability in core server (CVE-2014-0065)

Potential buffer overruns of fixed-size buffers...

CVSS 6.5 · AI score 6.5 · EPSS 0.05046
Exploits: 1 · Affected software: 1
PostgreSQL · added 2014/03/28 5:00 p.m. · 606 views

Vulnerability in core server (CVE-2014-0061)

Privilege escalation via calls to validator functions...

CVSS 6.5 · AI score 6.5 · EPSS 0.0493
Exploits: 1 · Affected software: 1
Total number of security vulnerabilities: 149