Vulnerabilities > Postgresql > High

DATE CVE VULNERABILITY TITLE RISK
2024-08-08 CVE-2024-7348 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Postgresql
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser.
network
high complexity
postgresql CWE-367
7.5
2024-02-08 CVE-2024-0985 Unspecified vulnerability in Postgresql
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer.
network
low complexity
postgresql
8.0
2023-12-10 CVE-2023-5869 Integer Overflow or Wraparound vulnerability in multiple products
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification.
network
low complexity
postgresql redhat CWE-190
8.8
2023-08-11 CVE-2023-39417 SQL Injection vulnerability in multiple products
A SQL injection vulnerability was found in PostgreSQL if an extension script uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or "").
network
low complexity
postgresql redhat debian CWE-89
8.8
2023-06-09 CVE-2023-2454
schema_element defeats protective search_path changes; it was found that certain database calls in PostgreSQL could permit an authenticated attacker with elevated database-level privileges to execute arbitrary code.
network
low complexity
postgresql redhat fedoraproject
7.2
2022-12-13 CVE-2022-4223 Missing Authorization vulnerability in multiple products
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore.
network
low complexity
postgresql fedoraproject CWE-862
8.8
2022-08-31 CVE-2022-1552 Incomplete Cleanup vulnerability in Postgresql
A flaw was found in PostgreSQL.
network
low complexity
postgresql CWE-459
8.8
2022-08-18 CVE-2022-2625
A vulnerability was found in PostgreSQL.
network
low complexity
postgresql fedoraproject redhat
8.0
2022-08-03 CVE-2022-31197 SQL Injection vulnerability in multiple products
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code.
network
low complexity
postgresql debian fedoraproject CWE-89
8.0
2022-03-04 CVE-2021-23214 SQL Injection vulnerability in multiple products
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
network
high complexity
postgresql fedoraproject redhat CWE-89
8.1