Vulnerabilities > Postgresql

DATE CVE VULNERABILITY TITLE RISK
2020-01-27 CVE-2014-8161 Information Exposure Through an Error Message vulnerability in multiple products
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
network
low complexity
postgresql debian CWE-209
4.0
2019-11-20 CVE-2015-3167 Information Exposure vulnerability in multiple products
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.
network
low complexity
postgresql debian canonical CWE-200
5.0
2019-11-20 CVE-2015-3166 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.
network
low complexity
postgresql debian canonical CWE-119
7.5
2019-11-20 CVE-2019-3466 Improper Privilege Management vulnerability in multiple products
The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
local
low complexity
postgresql canonical debian CWE-269
7.2
2019-10-29 CVE-2019-10211 Unspecified vulnerability in Postgresql
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory.
network
low complexity
postgresql
7.5
2019-10-29 CVE-2019-10210 Insufficiently Protected Credentials vulnerability in Postgresql
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file.
local
high complexity
postgresql CWE-522
7.0
2019-10-29 CVE-2019-10209 Out-of-bounds Read vulnerability in Postgresql
Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.
3.5
2019-10-29 CVE-2019-10208 SQL Injection vulnerability in Postgresql
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function.
network
low complexity
postgresql CWE-89
6.5
2019-07-30 CVE-2019-10130 Improper Access Control vulnerability in Postgresql
A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17.
network
low complexity
postgresql CWE-284
4.0
2019-07-30 CVE-2019-10129 Out-of-bounds Read vulnerability in Postgresql 11.0/11.1/11.2
A vulnerability was found in postgresql versions 11.x prior to 11.3.
network
low complexity
postgresql CWE-125
6.5