High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-23	CVE-2020-25696	Permissive Whitelist vulnerability in multiple products A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. network high complexity postgresql debian CWE-183	7.5
2020-11-16	CVE-2020-25695	SQL Injection vulnerability in multiple products A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. network low complexity postgresql debian CWE-89	8.8
2020-11-16	CVE-2020-25694	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. network high complexity postgresql debian CWE-327	8.1
2020-08-24	CVE-2020-14350	Untrusted Search Path vulnerability in multiple products It was found that some PostgreSQL extensions did not use search_path safely in their installation script. local low complexity postgresql debian opensuse canonical CWE-426	7.3
2020-08-24	CVE-2020-14349	Uncontrolled Search Path Element vulnerability in multiple products It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. network high complexity postgresql opensuse CWE-427	7.1
2020-06-04	CVE-2020-13692	XXE vulnerability in multiple products PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. network high complexity postgresql quarkus netapp fedoraproject debian CWE-611	7.7
2020-01-27	CVE-2015-0244	SQL Injection vulnerability in multiple products PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation. network low complexity postgresql debian CWE-89	7.5
2019-11-20	CVE-2015-3166	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. network low complexity postgresql debian canonical CWE-119	7.5
2019-11-20	CVE-2019-3466	Improper Privilege Management vulnerability in multiple products The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation. local low complexity postgresql canonical debian CWE-269	7.2
2019-10-29	CVE-2019-10211	Unspecified vulnerability in Postgresql Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory. network low complexity postgresql	7.5