
149 matches found

PostgreSQL • added 2020/11/12 12:00 a.m. • 160 views

Vulnerability in client (CVE-2020-25694)

Reconnection can downgrade connection security settings. Many PostgreSQL-provided client applications have options that create additional database connections. Some of those applications reuse only the basic connection parameters e.g. host, user, port, dropping others. If this drops a...

CVSS 8.1 • AI score 6.9 • EPSS 0.00359
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2020/08/13 12:00 a.m. • 94 views

Vulnerability in core server (CVE-2020-14350)

Uncontrolled search path element in CREATE EXTENSION. When a superuser runs certain CREATE EXTENSION statements, users may be able to execute arbitrary SQL functions under the identity of that superuser. The attacker must have permission to create objects in the new extension's schema or a schema ...

CVSS 7.3 • AI score 7.8 • EPSS 0.0003
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2020/08/13 12:00 a.m. • 67 views

Vulnerability in core server (CVE-2020-14349)

Uncontrolled search path element in logical replication. The PostgreSQL search_path setting determines schemas searched for tables, functions, operators, etc. The CVE-2018-1058 fix caused most PostgreSQL-provided client applications to sanitize search_path, but logical replication continued to leave...

CVSS 7.1 • AI score 7.8 • EPSS 0.01548
Exploits: 1 • References: 1 • Affected Software: 1
PostgreSQL • added 2020/05/14 12:00 a.m. • 81 views

Vulnerability in packaging (CVE-2020-10733)

Windows installer runs executables from uncontrolled directories. The Windows installer for PostgreSQL invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intend...

CVSS 7.3 • AI score 7.3 • EPSS 0.00249
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2020/02/13 12:00 a.m. • 117 views

Vulnerability in core server (CVE-2020-1720)

ALTER ... DEPENDS ON EXTENSION is missing authorization checks. The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is...

CVSS 6.5 • AI score 6 • EPSS 0.00351
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2020/01/27 3:29 p.m. • 52 views

Vulnerability in core server (CVE-2014-8161)

Constraint violation errors can cause display of values in columns which the user would not normally have rights to see...

CVSS 4.3 • AI score 6.6 • EPSS 0.00714
Exploits: 0 • Affected Software: 1
PostgreSQL • added 2019/12/04 12:00 a.m. • 146 views

Vulnerability in packaging (CVE-2019-3466)

pg_ctlcluster script in postgresql-common does not drop privileges when creating socket/statistics temporary directories. A PostgreSQL superuser could escalate to root using a deficiency in the pg_ctlcluster command. pg_ctlcluster is a utility provided by the "postgresql-common" package that is...

CVSS 7.8 • AI score 7.7 • EPSS 0.00118
Exploits: 1 • References: 1 • Affected Software: 1
PostgreSQL • added 2019/08/08 12:00 a.m. • 416 views

Vulnerability in packaging (CVE-2019-10211)

Windows installer bundled OpenSSL executes code from unprotected directory. When the database server or libpq client library initializes SSL, libeay32.dll attempts to read configuration from a hard-coded directory. Typically, the directory does not exist, but any local user could create it and...

CVSS 9.8 • AI score 8.6 • EPSS 0.01186
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2019/08/08 12:00 a.m. • 131 views

Vulnerability in packaging (CVE-2019-10210)

Windows installer writes superuser password to unprotected temporary file. The EnterpriseDB Windows installer writes a password to a temporary file in its installation directory, creates initial databases, and deletes the file. During those seconds while the file exists, a local attacker can read...

CVSS 7 • AI score 6.5 • EPSS 0.00282
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2019/08/08 12:00 a.m. • 92 views

Vulnerability in core server (CVE-2019-10208)

TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution. Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call havi...

CVSS 8.8 • AI score 8.5 • EPSS 0.00197
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2019/08/08 12:00 a.m. • 102 views

Vulnerability in core server (CVE-2019-10209)

Memory disclosure in cross-type comparison for hashed subplan. In a database containing hypothetical, user-defined hash equality operators, an attacker could read arbitrary bytes of server memory. For an attack to become possible, a superuser would need to create unusual operators. It is possible...

CVSS 3.5 • AI score 5.8 • EPSS 0.00387
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2019/06/20 12:00 a.m. • 595 views

Vulnerability in core server (CVE-2019-10164)

Stack-based buffer overflow via setting a password. An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as th...

CVSS 9 • AI score 8.6 • EPSS 0.11379
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2019/05/09 12:00 a.m. • 81 views

Vulnerability in core server (CVE-2019-10130)

Selectivity estimators bypass row security policies. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user able to execute SQL queries with permissions to read a given column could...

CVSS 4.3 • AI score 6.6 • EPSS 0.00254
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2019/05/09 12:00 a.m. • 56 views

Vulnerability in core server (CVE-2019-10129)

Memory disclosure in partition routing. Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table...

CVSS 6.5 • AI score 6.4 • EPSS 0.00419
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2019/05/09 12:00 a.m. • 86 views

Vulnerability in packaging (CVE-2019-10128)

EnterpriseDB Windows installer does not clear permissive ACL entries. Due to both the EnterpriseDB and BigSQL Windows installers not locking down the permissions of the PostgreSQL binary installation directory and the data directory, an unprivileged Windows user account and an unprivileged...

CVSS 7.8 • AI score 8.1 • EPSS 0.00065
Exploits: 1 • References: 1 • Affected Software: 1
PostgreSQL • added 2019/05/09 12:00 a.m. • 78 views

Vulnerability in packaging (CVE-2019-10127)

BigSQL Windows installer does not clear permissive ACL entries. Due to both the EnterpriseDB and BigSQL Windows installers not locking down the permissions of the PostgreSQL binary installation directory and the data directory, an unprivileged Windows user account and an unprivileged PostgreSQL...

CVSS 8.8 • AI score 8.9 • EPSS 0.00088
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2018/11/08 12:00 a.m. • 545 views

Vulnerability in core server (CVE-2018-16850)

SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER ... REFERENCING...

CVSS 9.8 • AI score 9.1 • EPSS 0.0125
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2018/08/09 12:00 a.m. • 583 views

Vulnerability in client (CVE-2018-10915)

Certain host connection parameters defeat client-side security defenses...

CVSS 8.5 • AI score 7.3 • EPSS 0.01753
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2018/08/09 12:00 a.m. • 559 views

Vulnerability in core server (CVE-2018-10925)

Memory disclosure and missing authorization in INSERT ... ON CONFLICT DO UPDATE...

CVSS 8.1 • AI score 7.3 • EPSS 0.00383
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2018/05/10 12:00 a.m. • 662 views

Vulnerability in contrib module (CVE-2018-1115)

Too-permissive access control list on function pg_logfile_rotate...

CVSS 9.1 • AI score 6.5 • EPSS 0.00593
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2018/03/01 12:00 a.m. • 677 views

Vulnerability in client (CVE-2018-1058)

Uncontrolled search path element in pg_dump and other client applications...

CVSS 8.8 • AI score 7.7 • EPSS 0.81248
Exploits: 1 • References: 1 • Affected Software: 1
PostgreSQL • added 2018/02/08 12:00 a.m. • 596 views

Vulnerability in client (CVE-2018-1053)

pg_upgrade creates file of sensitive metadata under prevailing umask...

CVSS 7 • AI score 6.9 • EPSS 0.00088
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2018/02/08 12:00 a.m. • 553 views

Vulnerability in core server (CVE-2018-1052)

Memory disclosure in table partitioning...

CVSS 6.5 • AI score 6.4 • EPSS 0.00457
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2017/11/09 12:00 a.m. • 597 views

Vulnerability in core server (CVE-2017-15098)

Memory disclosure in JSON functions...

CVSS 8.1 • AI score 7.5 • EPSS 0.00908
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2017/11/09 12:00 a.m. • 551 views

Vulnerability in core server (CVE-2017-7548)

lo_put function ignores ACLs...

CVSS 7.5 • AI score 7.5 • EPSS 0.01068
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2017/11/09 12:00 a.m. • 640 views

Vulnerability in contrib module (CVE-2017-12172)

Start scripts permit database administrator to modify root-owned files...

CVSS 7.2 • AI score 5.9 • EPSS 0.00053
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2017/11/09 12:00 a.m. • 582 views

Vulnerability in core server (CVE-2017-15099)

INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges...

CVSS 6.5 • AI score 6.9 • EPSS 0.32989
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2017/08/10 12:00 a.m. • 611 views

Vulnerability in core server (CVE-2017-7547)

pg_user_mappings view discloses passwords to users lacking server privileges...

CVSS 8.8 • AI score 8 • EPSS 0.01025
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2017/08/10 12:00 a.m. • 620 views

Vulnerability in core server (CVE-2017-7546)

Empty password accepted in some authentication methods...

CVSS 9.8 • AI score 8.8 • EPSS 0.33122
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2017/05/11 12:00 a.m. • 566 views

Vulnerability in client (CVE-2017-7485)

libpq ignores PGREQUIRESSL environment variable...

CVSS 5.9 • AI score 6.4 • EPSS 0.01107
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2017/05/11 12:00 a.m. • 609 views

Vulnerability in core server (CVE-2017-7484)

Selectivity estimators bypass SELECT privilege checks...

CVSS 7.5 • AI score 7.6 • EPSS 0.01443
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2017/05/11 12:00 a.m. • 561 views

Vulnerability in core server (CVE-2017-7486)

pg_user_mappings view discloses foreign server passwords...

CVSS 7.5 • AI score 7.5 • EPSS 0.04124
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2016/10/27 12:00 a.m. • 1010 views

Vulnerability in packaging (CVE-2016-7048)

Interactive installer downloads software over plain HTTP, then executes it...

CVSS 9.3 • AI score 8 • EPSS 0.12058
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2016/08/11 12:00 a.m. • 587 views

Vulnerability in core server (CVE-2016-5423)

Certain nested CASE/WHEN expressions can crash server...

CVSS 8.3 • AI score 8.2 • EPSS 0.034
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2016/08/11 12:00 a.m. • 610 views

Vulnerability in client (CVE-2016-5424)

Exceptional database and role names could enable escalation to superuser...

CVSS 7.1 • AI score 7.4 • EPSS 0.01674
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2016/03/31 12:00 a.m. • 562 views

Vulnerability in core server (CVE-2016-2193)

Plan cache might use wrong role context for RLS policy...

CVSS 7.5 • AI score 7 • EPSS 0.01526
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2016/03/31 12:00 a.m. • 597 views

Vulnerability in contrib module (CVE-2016-3065)

pageinspect does not check permissions for BRIN indexes...

CVSS 9.1 • AI score 9.2 • EPSS 0.01118
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2016/02/11 12:00 a.m. • 557 views

Vulnerability in core server (CVE-2016-0773)

Unchecked regex can crash the server...

CVSS 7.5 • AI score 7.6 • EPSS 0.10867
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2015/10/08 12:00 a.m. • 557 views

Vulnerability in core server (CVE-2015-5289)

Unchecked JSON input can crash the server...

CVSS 6.4 • AI score 8.5 • EPSS 0.06572
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2015/10/08 12:00 a.m. • 563 views

Vulnerability in contrib module (CVE-2015-5288)

Memory leak in crypt function...

CVSS 6.4 • AI score 7.9 • EPSS 0.08949
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2015/05/22 12:00 a.m. • 78 views

Vulnerability in contrib module (CVE-2015-3167)

pgcrypto has multiple error messages for decryption with an incorrect key...

CVSS 7.5 • AI score 8.5 • EPSS 0.01812
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2015/05/22 12:00 a.m. • 556 views

Vulnerability in core server (CVE-2015-3165)

Double "free" after authentication timeout...

CVSS 4.3 • AI score 9.5 • EPSS 0.08329
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2015/05/22 12:00 a.m. • 98 views

Vulnerability in core server (CVE-2015-3166)

Unanticipated errors from the standard library...

CVSS 9.8 • AI score 9.4 • EPSS 0.05386
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2015/02/05 12:00 a.m. • 562 views

Vulnerability in core server (CVE-2015-0242)

Buffer overrun in replacement printf family of functions...

CVSS 8.8 • AI score 9.1 • EPSS 0.03211
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2015/02/05 12:00 a.m. • 68 views

Vulnerability in core server (CVE-2015-0241)

Buffer overruns in "to_char" functions...

CVSS 8.8 • AI score 9.1 • EPSS 0.06004
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2015/02/05 12:00 a.m. • 42 views

Vulnerability in contrib module (CVE-2015-0243)

Memory errors in functions in the pgcrypto extension...

CVSS 8.8 • AI score 9.2 • EPSS 0.06398
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2015/02/05 12:00 a.m. • 65 views

Vulnerability in core server (CVE-2015-0244)

An error in extended protocol message reading...

CVSS 9.8 • AI score 9.1 • EPSS 0.0108
Exploits: 0 • References: 1 • Affected Software: 1
PostgreSQL • added 2014/03/28 5:00 p.m. • 646 views

Vulnerability in core server (CVE-2014-0064)

Potential buffer overruns due to integer overflow in size calculations...

CVSS 6.5 • AI score 6.7 • EPSS 0.06674
Exploits: 2 • Affected Software: 1
PostgreSQL • added 2014/03/28 5:00 p.m. • 680 views

Vulnerability in contrib module (CVE-2014-0066)

Potential null pointer dereference crash when crypt(3) returns NULL...

CVSS 4 • AI score 6.3 • EPSS 0.01472
Exploits: 2 • Affected Software: 1
PostgreSQL • added 2014/03/28 5:00 p.m. • 631 views

Vulnerability in core server (CVE-2014-0065)

Potential buffer overruns of fixed-size buffers...

CVSS 6.5 • AI score 6.5 • EPSS 0.04053
Exploits: 2 • Affected Software: 1
Total number of security vulnerabilities: 149