| Max CVSS | 7.2 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-25695 | 6.5 |
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions un
|
19-10-2022 - 15:01 | 16-11-2020 - 01:15 | |
| CVE-2020-25694 | 6.8 |
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while drop
|
19-10-2022 - 15:00 | 16-11-2020 - 01:15 | |
| CVE-2020-10733 | 4.4 |
The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended execut
|
06-01-2022 - 14:19 | 16-09-2020 - 15:15 | |
| CVE-2017-12172 | 7.2 |
PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary co
|
09-10-2019 - 23:22 | 22-11-2017 - 19:29 | |
| CVE-2017-15099 | 4.0 |
INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full re
|
28-08-2018 - 10:29 | 22-11-2017 - 18:29 | |
| CVE-2017-15098 | 5.5 |
Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server me
|
28-08-2018 - 10:29 | 22-11-2017 - 17:29 |