High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-10-29	CVE-2019-10210	Insufficiently Protected Credentials vulnerability in Postgresql Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file. local high complexity postgresql CWE-522	7.0
2019-06-26	CVE-2019-10164	Out-of-bounds Write vulnerability in multiple products PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. network low complexity postgresql redhat fedoraproject opensuse CWE-787	8.8
2019-04-01	CVE-2019-9193	OS Command Injection vulnerability in Postgresql In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. network low complexity postgresql CWE-78	7.2
2018-08-30	CVE-2018-10936	Improper Validation of Certificate with Host Mismatch vulnerability in multiple products A weakness was found in postgresql-jdbc before version 42.2.5. network high complexity postgresql redhat CWE-297	8.1
2018-08-20	CVE-2016-7048	Improper Access Control vulnerability in Postgresql The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software. network high complexity postgresql CWE-284	8.1
2018-08-09	CVE-2018-10925	Incorrect Authorization vulnerability in multiple products It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... network low complexity canonical debian postgresql CWE-863	8.1
2018-03-02	CVE-2018-1058	A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. network low complexity postgresql canonical redhat	8.8
2018-03-01	CVE-2017-14798	Race Condition vulnerability in multiple products A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root. local high complexity postgresql suse CWE-362	7.0
2017-11-22	CVE-2017-12172	Link Following vulnerability in Postgresql PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. local low complexity postgresql CWE-59	7.2
2017-08-16	CVE-2017-7548	PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service. network low complexity postgresql debian	7.5