Vulnerabilities > Postgresql > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-10 CVE-2023-5868 A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments.
network
low complexity
postgresql redhat
4.3
2023-12-10 CVE-2023-5870 A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher.
network
high complexity
postgresql redhat
4.4
2023-08-22 CVE-2020-21469 Classic Buffer Overflow vulnerability in Postgresql 12.2
An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals.
local
low complexity
postgresql CWE-120
4.4
2023-08-11 CVE-2023-39418 Insufficient Granularity of Access Control vulnerability in multiple products
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT.
network
low complexity
postgresql redhat debian CWE-1220
4.3
2023-06-09 CVE-2023-2455 Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles.
network
low complexity
postgresql redhat fedoraproject
5.4
2023-03-27 CVE-2023-0241 Path Traversal vulnerability in Postgresql Pgadmin 4
pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability.
network
low complexity
postgresql CWE-22
6.5
2022-11-23 CVE-2022-41946 Exposure of Resource to Wrong Sphere vulnerability in multiple products
pgjdbc is an open source postgresql JDBC Driver.
local
low complexity
postgresql debian CWE-668
5.5
2022-08-25 CVE-2021-43767 Improper Certificate Validation vulnerability in Postgresql
Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries.
network
high complexity
postgresql CWE-295
5.9
2022-03-16 CVE-2022-0959 Unrestricted Upload of File with Dangerous Type vulnerability in Postgresql Pgadmin 4
A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.
network
low complexity
postgresql CWE-434
6.5
2022-03-02 CVE-2021-23222 Unspecified vulnerability in Postgresql
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.
network
high complexity
postgresql
5.9