Vulnerabilities > Postgresql
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-16 | CVE-2022-0959 | Unrestricted Upload of File with Dangerous Type vulnerability in Postgresql Pgadmin 4 A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write. | 3.5 |
2022-03-10 | CVE-2022-26520 | Unspecified vulnerability in Postgresql Jdbc Driver ** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. | 7.5 |
2022-03-04 | CVE-2021-23214 | SQL Injection vulnerability in multiple products When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. | 5.1 |
2022-03-02 | CVE-2021-23222 | Insufficiently Protected Credentials vulnerability in Postgresql A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. | 4.3 |
2022-03-02 | CVE-2021-3677 | A flaw was found in postgresql. | 4.0 |
2022-02-02 | CVE-2022-21724 | Improper Initialization vulnerability in multiple products pgjdbc is the offical PostgreSQL JDBC Driver. | 7.5 |
2021-10-11 | CVE-2021-32028 | Unspecified vulnerability in Postgresql A flaw was found in postgresql. | 4.0 |
2021-10-08 | CVE-2021-32029 | Information Exposure vulnerability in multiple products A flaw was found in postgresql. | 4.0 |
2021-06-01 | CVE-2021-32027 | Integer Overflow or Wraparound vulnerability in multiple products A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. | 6.5 |
2021-04-01 | CVE-2021-3393 | Information Exposure Through an Error Message vulnerability in multiple products An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. | 3.5 |