Postgresql@9.5.5 Security Vulnerabilities and Issues — Postgresql@9.5.5 CVE List

Lucene search

PostgresqlPostgresql9.5.5

8 matches found

CVE•added 2017/08/16 6:29 p.m.•541 views

CVE-2017-7546

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.

9.8CVSS8.8AI score0.14844EPSS

CVE•added 2017/11/22 7:29 p.m.•348 views

CVE-2017-12172

PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides...

7.2CVSS6.9AI score0.00047EPSS

CVE•added 2017/11/22 5:29 p.m.•328 views

CVE-2017-15098

Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.

8.1CVSS7.5AI score0.00841EPSS

CVE•added 2017/08/16 6:29 p.m.•312 views

CVE-2017-7547

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.

8.8CVSS7.8AI score0.012EPSS

CVE•added 2017/05/12 7:29 p.m.•308 views

CVE-2017-7486

PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.

7.5CVSS7.2AI score0.04593EPSS

CVE•added 2017/11/22 6:29 p.m.•275 views

CVE-2017-15099

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileg...

6.5CVSS6.9AI score0.3401EPSS

CVE•added 2017/05/12 7:29 p.m.•251 views

CVE-2017-7485

In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/...

5.9CVSS6.2AI score0.01319EPSS

CVE•added 2017/05/12 7:29 p.m.•217 views

CVE-2017-7484

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attac...

7.5CVSS7.3AI score0.01255EPSS