Vulnerabilities > Postgresql > Postgresql > 10.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-16 | CVE-2020-25694 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. | 8.1 |
2020-09-16 | CVE-2020-10733 | Untrusted Search Path vulnerability in Postgresql The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. | 4.4 |
2020-08-24 | CVE-2020-14350 | Untrusted Search Path vulnerability in multiple products It was found that some PostgreSQL extensions did not use search_path safely in their installation script. | 7.3 |
2020-08-24 | CVE-2020-14349 | Uncontrolled Search Path Element vulnerability in multiple products It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. | 7.1 |
2020-03-17 | CVE-2020-1720 | Missing Authorization vulnerability in multiple products A flaw was found in PostgreSQL's "ALTER ... | 6.5 |
2019-10-29 | CVE-2019-10211 | Unspecified vulnerability in Postgresql Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory. | 7.5 |
2019-10-29 | CVE-2019-10210 | Insufficiently Protected Credentials vulnerability in Postgresql Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file. | 7.0 |
2019-10-29 | CVE-2019-10208 | SQL Injection vulnerability in Postgresql A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. | 6.5 |
2019-06-26 | CVE-2019-10164 | Out-of-bounds Write vulnerability in multiple products PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. | 8.8 |
2019-04-01 | CVE-2019-9193 | OS Command Injection vulnerability in Postgresql In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. | 7.2 |