Vulnerabilities > Postgresql

DATE CVE VULNERABILITY TITLE RISK
2022-11-23 CVE-2022-41946 Insecure Temporary File vulnerability in Postgresql Jdbc Driver
pgjdbc is an open source postgresql JDBC Driver.
local
low complexity
postgresql CWE-377
5.5
2022-08-31 CVE-2022-1552 Incomplete Cleanup vulnerability in Postgresql
A flaw was found in PostgreSQL.
network
low complexity
postgresql CWE-459
8.8
2022-08-18 CVE-2022-2625 A vulnerability was found in PostgreSQL.
network
low complexity
postgresql fedoraproject redhat
8.0
2022-08-03 CVE-2022-31197 SQL Injection vulnerability in multiple products
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code.
network
low complexity
postgresql debian fedoraproject CWE-89
8.0
2022-03-16 CVE-2022-0959 Unrestricted Upload of File with Dangerous Type vulnerability in Postgresql Pgadmin 4
A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.
3.5
2022-03-10 CVE-2022-26520 ** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties.
network
low complexity
postgresql debian
critical
9.8
2022-03-04 CVE-2021-23214 SQL Injection vulnerability in multiple products
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
network
high complexity
postgresql fedoraproject redhat CWE-89
8.1
2022-03-02 CVE-2021-23222 Insufficiently Protected Credentials vulnerability in Postgresql
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.
network
high complexity
postgresql CWE-522
5.9
2022-03-02 CVE-2021-3677 Information Exposure vulnerability in multiple products
A flaw was found in postgresql.
network
low complexity
postgresql redhat fedoraproject CWE-200
6.5
2022-02-02 CVE-2022-21724 Improper Initialization vulnerability in multiple products
pgjdbc is the offical PostgreSQL JDBC Driver.
network
low complexity
postgresql fedoraproject quarkus debian CWE-665
critical
9.8