Vulnerabilities > Postgresql
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-14 | CVE-2024-10976 | Unspecified vulnerability in Postgresql Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. | 5.4 |
| 2024-11-14 | CVE-2024-10977 | Insufficient Verification of Data Authenticity vulnerability in Postgresql Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. | 3.7 |
| 2024-11-14 | CVE-2024-10978 | Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. | 4.2 |
| 2024-11-14 | CVE-2024-10979 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Postgresql Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. | 8.8 |
| 2024-08-08 | CVE-2024-7348 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Postgresql Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. | 7.5 |
| 2024-05-14 | CVE-2024-4317 | Missing Authorization vulnerability in Postgresql Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. | 4.3 |
| 2024-02-19 | CVE-2024-1597 | SQL Injection vulnerability in multiple products pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. | 9.8 |
| 2024-02-08 | CVE-2024-0985 | Unspecified vulnerability in Postgresql Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. | 8.0 |
| 2023-12-10 | CVE-2023-5868 | A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. | 4.3 |
| 2023-12-10 | CVE-2023-5869 | Integer Overflow or Wraparound vulnerability in multiple products A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. | 8.8 |