Vulnerabilities > Postgresql > Postgresql > 9.6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-09 | CVE-2018-10915 | SQL Injection vulnerability in multiple products A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. | 6.0 |
| 2018-05-10 | CVE-2018-1115 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. | 9.1 |
| 2018-03-02 | CVE-2018-1058 | A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. | 8.8 |
| 2018-02-09 | CVE-2018-1053 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. | 3.3 |
| 2017-08-16 | CVE-2017-7548 | PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service. | 7.5 |