Vulnerabilities > Postgresql > Postgresql > 8.2.4

DATE CVE VULNERABILITY TITLE RISK
2022-03-04 CVE-2021-23214 SQL Injection vulnerability in multiple products
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
network
high complexity
postgresql fedoraproject redhat CWE-89
8.1
2021-04-01 CVE-2021-3393 Information Exposure Through an Error Message vulnerability in multiple products
An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11.
3.5
2021-03-19 CVE-2019-10128 Improper Access Control vulnerability in Postgresql
A vulnerability was found in postgresql versions 11.x prior to 11.3.
4.1
2021-03-19 CVE-2019-10127 Improper Access Control vulnerability in Postgresql
A vulnerability was found in postgresql versions 11.x prior to 11.3.
local
low complexity
postgresql CWE-284
4.3
2020-11-16 CVE-2020-25695 SQL Injection vulnerability in multiple products
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24.
network
low complexity
postgresql debian CWE-89
8.8
2020-11-16 CVE-2020-25694 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24.
network
high complexity
postgresql debian CWE-327
8.1
2020-01-27 CVE-2015-0244 SQL Injection vulnerability in multiple products
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.
network
low complexity
postgresql debian CWE-89
7.5
2020-01-27 CVE-2015-0243 Classic Buffer Overflow vulnerability in multiple products
Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
network
low complexity
postgresql debian CWE-120
6.5
2020-01-27 CVE-2015-0242 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function.
network
low complexity
postgresql microsoft debian CWE-787
6.5
2020-01-27 CVE-2015-0241 Classic Buffer Overflow vulnerability in multiple products
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow.
network
low complexity
postgresql debian CWE-120
6.5