Vulnerabilities > Postgresql > Postgresql > 9.5.18
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-04 | CVE-2021-23214 | SQL Injection vulnerability in multiple products When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. | 8.1 |
| 2021-04-01 | CVE-2021-3393 | Information Exposure Through an Error Message vulnerability in multiple products An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. | 3.5 |
| 2020-11-23 | CVE-2020-25696 | Permissive Whitelist vulnerability in multiple products A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. | 7.5 |
| 2020-11-16 | CVE-2020-25695 | SQL Injection vulnerability in multiple products A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. | 8.8 |
| 2020-11-16 | CVE-2020-25694 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. | 8.1 |
| 2020-09-16 | CVE-2020-10733 | Untrusted Search Path vulnerability in Postgresql The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. | 4.4 |
| 2020-08-24 | CVE-2020-14350 | Untrusted Search Path vulnerability in multiple products It was found that some PostgreSQL extensions did not use search_path safely in their installation script. | 7.3 |
| 2019-10-29 | CVE-2019-10211 | Unspecified vulnerability in Postgresql Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory. | 7.5 |
| 2019-10-29 | CVE-2019-10210 | Insufficiently Protected Credentials vulnerability in Postgresql Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file. | 7.0 |
| 2019-10-29 | CVE-2019-10208 | SQL Injection vulnerability in Postgresql A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. | 6.5 |