Vulnerabilities > Postgresql > Postgresql > 9.3.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-27 | CVE-2014-8161 | Information Exposure Through an Error Message vulnerability in multiple products PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message. | 4.0 |
2019-11-20 | CVE-2015-3167 | Information Exposure vulnerability in multiple products contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. | 5.0 |
2019-11-20 | CVE-2015-3166 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. | 7.5 |
2019-10-29 | CVE-2019-10211 | Unspecified vulnerability in Postgresql Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory. | 7.5 |
2019-10-29 | CVE-2019-10210 | Insufficiently Protected Credentials vulnerability in Postgresql Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file. | 7.0 |
2019-04-01 | CVE-2019-9193 | OS Command Injection vulnerability in Postgresql In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. | 7.2 |
2018-08-20 | CVE-2016-7048 | Improper Access Control vulnerability in Postgresql The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software. | 8.1 |
2018-08-09 | CVE-2018-10915 | SQL Injection vulnerability in multiple products A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. | 6.0 |
2018-05-10 | CVE-2018-1115 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. | 9.1 |
2018-03-02 | CVE-2018-1058 | A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. | 8.8 |