Vulnerabilities > Postgresql > Postgresql > 9.2.19
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-04 | CVE-2021-23214 | SQL Injection vulnerability in multiple products When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. | 8.1 |
2021-04-01 | CVE-2021-3393 | Information Exposure Through an Error Message vulnerability in multiple products An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. | 3.5 |
2021-03-19 | CVE-2019-10128 | Improper Access Control vulnerability in Postgresql A vulnerability was found in postgresql versions 11.x prior to 11.3. | 4.1 |
2021-03-19 | CVE-2019-10127 | Improper Access Control vulnerability in Postgresql A vulnerability was found in postgresql versions 11.x prior to 11.3. | 4.3 |
2020-11-16 | CVE-2020-25695 | SQL Injection vulnerability in multiple products A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. | 8.8 |
2020-11-16 | CVE-2020-25694 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. | 8.1 |
2019-10-29 | CVE-2019-10211 | Unspecified vulnerability in Postgresql Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory. | 7.5 |
2019-10-29 | CVE-2019-10210 | Insufficiently Protected Credentials vulnerability in Postgresql Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file. | 7.0 |
2018-05-10 | CVE-2018-1115 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. | 9.1 |
2018-03-01 | CVE-2017-14798 | Race Condition vulnerability in multiple products A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root. | 7.0 |