Vulnerabilities > Postgresql
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-09 | CVE-2023-2455 | Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. | 5.4 |
| 2023-03-03 | CVE-2022-41862 | In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. | 3.7 |
| 2022-12-13 | CVE-2022-4223 | Missing Authorization vulnerability in multiple products The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. | 8.8 |
| 2022-11-23 | CVE-2022-41946 | Exposure of Resource to Wrong Sphere vulnerability in multiple products pgjdbc is an open source postgresql JDBC Driver. | 5.5 |
| 2022-08-31 | CVE-2022-1552 | Incomplete Cleanup vulnerability in Postgresql A flaw was found in PostgreSQL. | 8.8 |
| 2022-08-25 | CVE-2021-43767 | Improper Certificate Validation vulnerability in Postgresql Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. | 5.9 |
| 2022-08-18 | CVE-2022-2625 | A vulnerability was found in PostgreSQL. | 8.0 |
| 2022-08-03 | CVE-2022-31197 | SQL Injection vulnerability in multiple products PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. | 8.0 |
| 2022-03-16 | CVE-2022-0959 | Unrestricted Upload of File with Dangerous Type vulnerability in Postgresql Pgadmin 4 A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write. | 6.5 |
| 2022-03-10 | CVE-2022-26520 | In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. | 9.8 |