Lucene search

K
PostgresqlPostgresql9.3.2

20 matches found

CVE
CVE
added 2017/08/16 6:29 p.m.538 views

CVE-2017-7546

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.

9.8CVSS8.8AI score0.30422EPSS
CVE
CVE
added 2017/11/22 7:29 p.m.345 views

CVE-2017-12172

PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides...

7.2CVSS6.9AI score0.00047EPSS
CVE
CVE
added 2017/11/22 5:29 p.m.323 views

CVE-2017-15098

Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.

8.1CVSS7.5AI score0.00864EPSS
CVE
CVE
added 2014/03/31 2:58 p.m.310 views

CVE-2014-0066

The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer derefere...

4CVSS4.8AI score0.01914EPSS
CVE
CVE
added 2017/08/16 6:29 p.m.309 views

CVE-2017-7547

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.

8.8CVSS7.8AI score0.00931EPSS
CVE
CVE
added 2017/05/12 7:29 p.m.305 views

CVE-2017-7486

PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.

7.5CVSS7.2AI score0.04593EPSS
CVE
CVE
added 2017/05/12 7:29 p.m.248 views

CVE-2017-7485

In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/...

5.9CVSS6.2AI score0.01319EPSS
CVE
CVE
added 2014/03/31 2:58 p.m.242 views

CVE-2014-0065

Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.

6.5CVSS5.4AI score0.12624EPSS
CVE
CVE
added 2015/10/26 2:59 p.m.214 views

CVE-2015-5288

The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.

6.4CVSS7.7AI score0.0333EPSS
CVE
CVE
added 2017/05/12 7:29 p.m.214 views

CVE-2017-7484

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attac...

7.5CVSS7.3AI score0.01255EPSS
CVE
CVE
added 2014/03/31 2:58 p.m.201 views

CVE-2014-0060

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command be...

4CVSS5.2AI score0.00918EPSS
CVE
CVE
added 2014/03/31 2:58 p.m.187 views

CVE-2014-0063

Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDAT...

6.5CVSS6.4AI score0.12624EPSS
CVE
CVE
added 2014/03/31 2:58 p.m.185 views

CVE-2014-0062

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables...

4.9CVSS5AI score0.00757EPSS
CVE
CVE
added 2014/03/31 2:58 p.m.179 views

CVE-2014-0064

Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow...

6.5CVSS5.6AI score0.12668EPSS
CVE
CVE
added 2014/03/31 2:58 p.m.171 views

CVE-2014-0061

The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed ...

6.5CVSS5.1AI score0.01565EPSS
CVE
CVE
added 2014/03/31 2:58 p.m.170 views

CVE-2014-0067

The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.

4.6CVSS9AI score0.00118EPSS
CVE
CVE
added 2016/12/09 11:59 p.m.154 views

CVE-2016-5423

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a...

8.3CVSS8.7AI score0.03275EPSS
CVE
CVE
added 2016/12/09 11:59 p.m.149 views

CVE-2016-5424

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline ...

7.1CVSS7.2AI score0.01611EPSS
CVE
CVE
added 2015/05/28 2:59 p.m.109 views

CVE-2015-3165

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session...

4.3CVSS9.1AI score0.07299EPSS
CVE
CVE
added 2014/03/31 2:58 p.m.108 views

CVE-2014-2669

Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact via vectors related to the (1) hstore_recv, (2) hstore_from_arrays, and (3) hstore_...

6.5CVSS9.1AI score0.12668EPSS