| 2020-01-27 | CVE-2014-8161 | Information Exposure Through an Error Message vulnerability in multiple products | PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering a constraint violation and then reading the error message. | 4.0 |
| 2019-11-20 | CVE-2015-3167 | Information Exposure vulnerability in multiple products | contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. | 5.0 |
| 2019-11-20 | CVE-2015-3166 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. | 7.5 |
| 2019-11-20 | CVE-2019-3466 | Improper Privilege Management vulnerability in multiple products | The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation. | 7.2 |
| 2019-10-29 | CVE-2019-10211 | Unspecified vulnerability in PostgreSQL | The PostgreSQL Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, and 9.4.24 is vulnerable via bundled OpenSSL executing code from an unprotected directory. | 7.5 |
| 2019-10-29 | CVE-2019-10210 | Insufficiently Protected Credentials vulnerability in PostgreSQL | The PostgreSQL Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, and 9.4.24 is vulnerable via the superuser writing a password to an unprotected temporary file. | 7.0 |
| 2019-10-29 | CVE-2019-10209 | Out-of-bounds Read vulnerability in PostgreSQL | PostgreSQL versions 11.x before 11.5 are vulnerable to a memory disclosure in cross-type comparison for hashed subplan. | 3.5 |
| 2019-10-29 | CVE-2019-10208 | SQL Injection vulnerability in PostgreSQL | A flaw was discovered in PostgreSQL versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10, and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. | 6.5 |
| 2019-07-30 | CVE-2019-10130 | Improper Access Control vulnerability in PostgreSQL | A vulnerability was found in PostgreSQL versions 11.x before 11.3, 10.x before 10.8, 9.6.x before 9.6.13, and 9.5.x before 9.5.17. | 4.0 |
| 2019-07-30 | CVE-2019-10129 | Out-of-bounds Read vulnerability in PostgreSQL 11.0/11.1/11.2 | A vulnerability was found in PostgreSQL versions 11.x prior to 11.3. | 6.5 |