| 2023-12-10 | CVE-2023-5868 | A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. | 4.3 |
| 2023-12-10 | CVE-2023-5869 | Integer Overflow or Wraparound vulnerability in multiple products
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. | 8.8 |
| 2023-12-10 | CVE-2023-5870 | A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. | 4.4 |
| 2023-08-11 | CVE-2023-39417 | SQL Injection vulnerability in multiple products
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). | 8.8 |
| 2023-06-09 | CVE-2023-2454 | schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code. | 7.2 |
| 2023-06-09 | CVE-2023-2455 | Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. | 5.4 |
| 2022-08-31 | CVE-2022-1552 | Incomplete Cleanup vulnerability in Postgresql
A flaw was found in PostgreSQL. | 8.8 |
| 2022-08-25 | CVE-2021-43767 | Improper Certificate Validation vulnerability in Postgresql
Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. | 5.9 |
| 2022-08-18 | CVE-2022-2625 | A vulnerability was found in PostgreSQL. | 8.0 |
| 2022-03-04 | CVE-2021-23214 | SQL Injection vulnerability in multiple products
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. | 8.1 |