Vulnerabilities > Postgresql > Postgresql > 9.0.20

DATE CVE VULNERABILITY TITLE RISK
2022-03-04 CVE-2021-23214 When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
network
high complexity
postgresql fedoraproject redhat
8.1
8.1
2021-04-01 CVE-2021-3393 An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11.
network
low complexity
postgresql redhat
4.3
4.3
2021-03-19 CVE-2019-10128 Unspecified vulnerability in Postgresql
A vulnerability was found in postgresql versions 11.x prior to 11.3.
local
low complexity
postgresql
7.8
7.8
2021-03-19 CVE-2019-10127 Unspecified vulnerability in Postgresql
A vulnerability was found in postgresql versions 11.x prior to 11.3.
local
low complexity
postgresql
8.8
8.8
2020-11-16 CVE-2020-25695 A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24.
network
low complexity
postgresql debian
8.8
8.8
2020-11-16 CVE-2020-25694 A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24.
network
high complexity
postgresql debian
8.1
8.1
2019-10-29 CVE-2019-10211 Unspecified vulnerability in Postgresql
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory.
network
low complexity
postgresql
critical
 9.8
9.8
2019-10-29 CVE-2019-10210 Insufficiently Protected Credentials vulnerability in Postgresql
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file.
local
high complexity
postgresql CWE-522
7.0
7.0
2018-08-20 CVE-2016-7048 Improper Access Control vulnerability in Postgresql
The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.
network
high complexity
postgresql CWE-284
8.1
8.1
2018-05-10 CVE-2018-1115 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile.
network
low complexity
postgresql opensuse CWE-732
critical
 9.1
9.1