11.11

DATE	CVE	VULNERABILITY TITLE	RISK
2023-12-10	CVE-2023-5868	A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. network low complexity postgresql redhat	4.3
2023-12-10	CVE-2023-5869	Integer Overflow or Wraparound vulnerability in multiple products A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. network low complexity postgresql redhat CWE-190	8.8
2023-12-10	CVE-2023-5870	A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. network high complexity postgresql redhat	4.4
2023-08-11	CVE-2023-39417	SQL Injection vulnerability in multiple products IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). network low complexity postgresql redhat debian CWE-89	8.8
2023-06-09	CVE-2023-2454	schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code. network low complexity postgresql redhat fedoraproject	7.2
2023-06-09	CVE-2023-2455	Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. network low complexity postgresql redhat fedoraproject	5.4
2022-08-31	CVE-2022-1552	Unspecified vulnerability in Postgresql A flaw was found in PostgreSQL. network low complexity postgresql	8.8
2022-08-25	CVE-2021-43767	Improper Certificate Validation vulnerability in Postgresql Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. network high complexity postgresql CWE-295	5.9
2022-08-18	CVE-2022-2625	A vulnerability was found in PostgreSQL. network low complexity postgresql fedoraproject redhat	8.0
2022-03-04	CVE-2021-23214	When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. network high complexity postgresql fedoraproject redhat	8.1