Vulnerabilities > Postgresql

DATE CVE VULNERABILITY TITLE RISK
2019-10-29 CVE-2019-10211 Unspecified vulnerability in Postgresql
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory.
network
low complexity
postgresql
critical
9.8
2019-10-29 CVE-2019-10210 Insufficiently Protected Credentials vulnerability in Postgresql
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file.
local
high complexity
postgresql CWE-522
7.0
2019-10-29 CVE-2019-10209 Out-of-bounds Read vulnerability in Postgresql
Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.
network
high complexity
postgresql CWE-125
2.2
2019-10-29 CVE-2019-10208 SQL Injection vulnerability in Postgresql
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function.
network
low complexity
postgresql CWE-89
8.8
2019-07-30 CVE-2019-10130 Improper Access Control vulnerability in multiple products
A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17.
network
low complexity
postgresql opensuse CWE-284
4.3
2019-07-30 CVE-2019-10129 Out-of-bounds Read vulnerability in Postgresql 11.0/11.1/11.2
A vulnerability was found in postgresql versions 11.x prior to 11.3.
network
low complexity
postgresql CWE-125
6.5
2019-06-26 CVE-2019-10164 Out-of-bounds Write vulnerability in multiple products
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow.
8.8
2019-04-01 CVE-2019-9193 OS Command Injection vulnerability in Postgresql
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user.
network
low complexity
postgresql CWE-78
7.2
2018-11-13 CVE-2018-16850 SQL Injection vulnerability in multiple products
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ...
network
low complexity
postgresql redhat canonical CWE-89
critical
9.8
2018-08-30 CVE-2018-10936 Improper Validation of Certificate with Host Mismatch vulnerability in multiple products
A weakness was found in postgresql-jdbc before version 42.2.5.
network
high complexity
postgresql redhat CWE-297
8.1