Vulnerabilities > Postgresql > Postgresql > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-08 | CVE-2024-7348 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Postgresql Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. | 7.5 |
| 2024-02-08 | CVE-2024-0985 | Unspecified vulnerability in Postgresql Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. | 8.0 |
| 2023-12-10 | CVE-2023-5869 | Integer Overflow or Wraparound vulnerability in multiple products A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. | 8.8 |
| 2023-08-11 | CVE-2023-39417 | SQL Injection vulnerability in multiple products IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). | 8.8 |
| 2023-06-09 | CVE-2023-2454 | schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code. | 7.2 |
| 2022-08-31 | CVE-2022-1552 | Incomplete Cleanup vulnerability in Postgresql A flaw was found in PostgreSQL. | 8.8 |
| 2022-08-18 | CVE-2022-2625 | A vulnerability was found in PostgreSQL. | 8.0 |
| 2022-03-04 | CVE-2021-23214 | SQL Injection vulnerability in multiple products When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. | 8.1 |
| 2021-06-01 | CVE-2021-32027 | Integer Overflow or Wraparound vulnerability in multiple products A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. | 8.8 |
| 2020-11-23 | CVE-2020-25696 | Permissive Whitelist vulnerability in multiple products A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. | 7.5 |