Vulnerabilities > Postgresql

Each entry gives the publication date, CVE identifier, title and risk score, followed by the description and, where the listing records them, the attack vector, attack complexity, affected products and CWE.
2020-11-23  CVE-2020-25696  Privilege Context Switching Error vulnerability in multiple products  Risk: 7.6
    A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24.
    Attack vector: network. Attack complexity: high. Products: postgresql, debian. CWE-270.
2020-11-16  CVE-2020-25695  SQL Injection vulnerability in PostgreSQL  Risk: 6.5
    A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24.
    Attack vector: network. Attack complexity: low. Products: postgresql. CWE-89.
2020-11-16  CVE-2020-25694  Use of a Broken or Risky Cryptographic Algorithm vulnerability in PostgreSQL  Risk: 6.8
    A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24.
2020-09-16  CVE-2020-10733  Untrusted Search Path vulnerability in PostgreSQL  Risk: 4.4
    The Windows installer for PostgreSQL 9.5 through 12 invokes system-provided executables that do not have fully-qualified paths.
2020-08-24  CVE-2020-14350  Untrusted Search Path vulnerability in multiple products  Risk: 4.4
    It was found that some PostgreSQL extensions did not use search_path safely in their installation script.
2020-08-24  CVE-2020-14349  Uncontrolled Search Path Element vulnerability in multiple products  Risk: 4.6
    It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication.
    Attack vector: network. Attack complexity: high. Products: postgresql, opensuse. CWE-427.
2020-06-04  CVE-2020-13692  XXE vulnerability in PostgreSQL JDBC Driver  Risk: 6.8
    PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
2020-03-17  CVE-2020-1720  Missing Authorization vulnerability in multiple products  Risk: 3.5
    A flaw was found in PostgreSQL's "ALTER ...
2020-01-27  CVE-2015-0244  SQL Injection vulnerability in multiple products  Risk: 7.5
    PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors raised while it is still reading a protocol message. A remote attacker who sends crafted binary data in a parameter and then causes an error (a timeout or query cancellation is the demonstrated trigger) makes the backend lose message synchronization: the unread remainder of the protocol message is treated as the start of a new message, which allows SQL injection.
    Attack vector: network. Attack complexity: low. Products: postgresql, debian. CWE-89.
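The desynchronization behind CVE-2015-0244 is easiest to see with a toy backend loop. The following is an added example, not PostgreSQL's code and not part of this listing: it reproduces the v3 wire framing (one type byte, an int32 length that counts itself, then the payload) and a Bind message whose binary int4 parameter is deliberately malformed, then runs the same bytes through a pre-fix style reader that parses straight off the socket and a hardened reader that first consumes the whole length-delimited body. The backend loop, the validation rule, the function names (`run_backend`, `craft_bind_with_injection`) and the constructed messages are assumptions of the example.

```python
"""Toy model of the wire-protocol desync behind CVE-2015-0244 (added
example; not PostgreSQL code).  Framing follows the real v3 protocol:
one type byte, an int32 length that counts itself, then the payload.
The backend loop, validation rule and messages are assumptions of the
example, built from constructed input so it runs offline."""
import io
import struct


class ProtocolError(Exception):
    """Raised when a message cannot be parsed (stands in for ereport(ERROR))."""


def _read_exact(stream, n):
    data = stream.read(n)
    if len(data) != n:
        raise ProtocolError("unexpected EOF")
    return data


def _cstring(stream):
    buf = bytearray()
    while True:
        ch = _read_exact(stream, 1)
        if ch == b"\0":
            return bytes(buf)
        buf += ch


def parse_bind_params(source):
    """Parse a Bind ('B') body.  Each binary-format parameter is assumed to
    be an int4 and must be exactly 4 bytes; anything else raises at once,
    at a point where the caller may or may not have consumed the rest of
    the message."""
    _cstring(source)                                    # portal name
    _cstring(source)                                    # prepared statement name
    nfmt, = struct.unpack("!h", _read_exact(source, 2))
    fmts = struct.unpack("!%dh" % nfmt, _read_exact(source, 2 * nfmt))
    nparams, = struct.unpack("!h", _read_exact(source, 2))
    params = []
    for i in range(nparams):
        plen, = struct.unpack("!i", _read_exact(source, 4))
        if plen == -1:                                  # SQL NULL
            params.append(None)
            continue
        data = _read_exact(source, plen)
        # one format code applies to every parameter; otherwise one per parameter
        fmt = fmts[i] if len(fmts) == nparams else (fmts[0] if fmts else 0)
        if fmt == 1 and plen != 4:
            raise ProtocolError("invalid binary int4 parameter")
        params.append(data)
    nres, = struct.unpack("!h", _read_exact(source, 2))
    _read_exact(source, 2 * nres)                       # result format codes
    return params


def run_backend(wire, consume_whole_message):
    """Mock backend main loop over the bytes in `wire`.  Returns
    (executed_sql, errors).  consume_whole_message=False parses straight
    off the socket (pre-fix behaviour); True reads the entire
    length-delimited body first, so an error can never leave the socket
    positioned in the middle of a message."""
    stream = io.BytesIO(wire)
    executed, errors = [], []
    while True:
        mtype = stream.read(1)
        if not mtype:
            return executed, errors
        try:
            length, = struct.unpack("!i", _read_exact(stream, 4))
            source = stream
            if consume_whole_message:
                source = io.BytesIO(_read_exact(stream, length - 4))
            if mtype == b"B":
                parse_bind_params(source)
            elif mtype == b"Q":                         # simple Query
                executed.append(_cstring(source).decode())
            else:
                _read_exact(source, length - 4)         # skip anything else
        except ProtocolError as exc:
            errors.append(str(exc))                     # "send ErrorResponse", keep reading


def query_message(sql):
    payload = sql.encode() + b"\0"
    return b"Q" + struct.pack("!i", 4 + len(payload)) + payload


def craft_benign_bind():
    """Constructed well-formed Bind: one binary int4 parameter (value 42)."""
    body = (b"\0\0" + struct.pack("!hh", 1, 1) + struct.pack("!h", 1)
            + struct.pack("!ii", 4, 42) + struct.pack("!h", 0))
    return b"B" + struct.pack("!i", 4 + len(body)) + body


def craft_bind_with_injection(sql):
    """Constructed attacker Bind: parameter 1 is a 3-byte 'int4' that fails
    validation; the bytes that follow it, nominally parameter 2, are a
    complete Query message carrying attacker-chosen SQL."""
    body = (b"\0\0" + struct.pack("!hh", 1, 1) + struct.pack("!h", 2)
            + struct.pack("!i", 3) + b"abc"
            + query_message(sql))
    return b"B" + struct.pack("!i", 4 + len(body)) + body


if __name__ == "__main__":
    for hardened in (False, True):
        print("hardened" if hardened else "pre-fix",
              run_backend(craft_bind_with_injection("DROP TABLE users"), hardened))
```

With the pre-fix reader the error leaves the socket pointing at the attacker's leftover bytes, which spell a Query message, so the backend executes the smuggled SQL; the hardened reader discards the whole frame and the stream stays aligned. The general rule for any length-prefixed protocol parser is the same: consume the full frame before validating its contents, so that an error cannot change where the next frame starts.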
2020-01-27  CVE-2015-0243  Classic Buffer Overflow vulnerability in multiple products  Risk: 6.5
    Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
    Attack vector: network. Attack complexity: low. Products: postgresql, debian. CWE-120.