12.3

DATE	CVE	VULNERABILITY TITLE	RISK
2023-06-09	CVE-2023-2454	schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code. network low complexity postgresql redhat fedoraproject	7.2
2023-06-09	CVE-2023-2455	Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. network low complexity postgresql redhat fedoraproject	5.4
2023-03-03	CVE-2022-41862	In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. network high complexity postgresql fedoraproject redhat	3.7
2022-08-31	CVE-2022-1552	Unspecified vulnerability in Postgresql A flaw was found in PostgreSQL. network low complexity postgresql	8.8
2022-08-25	CVE-2021-43767	Improper Certificate Validation vulnerability in Postgresql Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. network high complexity postgresql CWE-295	5.9
2022-08-18	CVE-2022-2625	A vulnerability was found in PostgreSQL. network low complexity postgresql fedoraproject redhat	8.0
2022-03-04	CVE-2021-23214	When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. network high complexity postgresql fedoraproject redhat	8.1
2022-03-02	CVE-2021-23222	Unspecified vulnerability in Postgresql A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. network high complexity postgresql	5.9
2022-03-02	CVE-2021-3677	A flaw was found in postgresql. network low complexity postgresql redhat fedoraproject	6.5
2021-10-11	CVE-2021-32028	Unspecified vulnerability in Postgresql A flaw was found in postgresql. network low complexity postgresql	6.5