Vulnerabilities > Postgresql > Postgresql > 9.4.4

DATE CVE VULNERABILITY TITLE RISK
2022-03-04 CVE-2021-23214 When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
network
high complexity
postgresql fedoraproject redhat
8.1
8.1
2021-04-01 CVE-2021-3393 An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11.
network
low complexity
postgresql redhat
4.3
4.3
2021-03-19 CVE-2019-10128 Unspecified vulnerability in Postgresql
A vulnerability was found in postgresql versions 11.x prior to 11.3.
local
low complexity
postgresql
7.8
7.8
2021-03-19 CVE-2019-10127 Unspecified vulnerability in Postgresql
A vulnerability was found in postgresql versions 11.x prior to 11.3.
local
low complexity
postgresql
8.8
8.8
2020-11-16 CVE-2020-25695 A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24.
network
low complexity
postgresql debian
8.8
8.8
2020-11-16 CVE-2020-25694 A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24.
network
high complexity
postgresql debian
8.1
8.1
2019-10-29 CVE-2019-10211 Unspecified vulnerability in Postgresql
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory.
network
low complexity
postgresql
critical
 9.8
9.8
2019-10-29 CVE-2019-10210 Insufficiently Protected Credentials vulnerability in Postgresql
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file.
local
high complexity
postgresql CWE-522
7.0
7.0
2019-10-29 CVE-2019-10208 SQL Injection vulnerability in Postgresql
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function.
network
low complexity
postgresql CWE-89
8.8
8.8
2019-04-01 CVE-2019-9193 OS Command Injection vulnerability in Postgresql
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user.
network
low complexity
postgresql CWE-78
7.2
7.2