Max CVSS | 7.6 | Min CVSS | 3.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2015-5289 | 6.4 | Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or ( | 24-02-2023 - 18:44 | 26-10-2015 - 14:59 |
CVE-2017-15097 | 7.2 | Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. | 12-02-2023 - 23:28 | 27-07-2018 - 20:29 |
CVE-2018-10915 | 6.0 | A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untru | 04-08-2021 - 17:14 | 09-08-2018 - 20:29 |
CVE-2020-25696 | 7.6 | A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attac | 15-12-2020 - 19:37 | 23-11-2020 - 22:15 |
CVE-2020-1720 | 3.5 | A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et | 17-08-2020 - 19:15 | 17-03-2020 - 16:15 |
CVE-2015-0244 | 7.5 | PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafte | 31-01-2020 - 20:18 | 27-01-2020 - 16:15 |
CVE-2015-3167 | 5.0 | contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via | 22-11-2019 - 15:18 | 20-11-2019 - 21:15 |
CVE-2017-7547 | 4.0 | PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having | 03-10-2019 - 00:03 | 16-08-2017 - 18:29 |
CVE-2017-7486 | 5.0 | PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server. | 05-01-2018 - 02:31 | 12-05-2017 - 19:29 |
CVE-2016-5424 | 4.6 | PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ | 05-01-2018 - 02:31 | 09-12-2016 - 23:59 |
CVE-2016-0773 | 5.0 | PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a | 09-12-2017 - 02:29 | 17-02-2016 - 15:59 |