Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
postgresql vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2020-25695
A flaw was found in PostgreSQL versions prior to 13.1, prior to 12.5, prior to 11.10, prior to 10.15, prior to 9.6.20 and prior to 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity o...
Postgresql Postgresql
Debian Debian Linux 9.0
1 Github repository
7.6
CVSSv2
CVE-2020-25696
A flaw was found in the psql interactive terminal of PostgreSQL in versions prior to 13.1, prior to 12.5, prior to 11.10, prior to 10.15, prior to 9.6.20 and prior to 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute ar...
Postgresql Postgresql
Debian Debian Linux 9.0
NA
CVE-2024-1597
pgjdbc, the PostgreSQL JDBC Driver, allows malicious user to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second ...
Postgresql Postgresql Jdbc Driver
Fedoraproject Fedora 40
5
CVSSv2
CVE-2011-2483
crypt_blowfish prior to 1.1, as used in PHP prior to 5.3.7 on certain platforms, PostgreSQL prior to 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent malicious users to determine a cleartext password by leveraging k...
Php Php
Postgresql Postgresql
Openwall Crypt Blowfish
1 Github repository
NA
CVE-2022-2625
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim...
Postgresql Postgresql
Postgresql Postgresql 15
Fedoraproject Fedora 36
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
9
CVSSv2
CVE-2016-0766
PostgreSQL prior to 9.1.20, 9.2.x prior to 9.2.15, 9.3.x prior to 9.3.11, 9.4.x prior to 9.4.6, and 9.5.x prior to 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows malicious users to gain privileges via unspecif...
Postgresql Postgresql 9.5
Postgresql Postgresql
Canonical Ubuntu Linux 12.04
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
4.6
CVSSv2
CVE-2020-14349
It was found that PostgreSQL versions prior to 12.4, prior to 11.9 and prior to 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL comma...
Postgresql Postgresql
Opensuse Leap 15.1
Opensuse Leap 15.2
4
CVSSv2
CVE-2021-32029
A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.
Postgresql Postgresql
Redhat Jboss Enterprise Application Platform 7.0.0
6.9
CVSSv2
CVE-2017-14798
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.
Postgresql Postgresql
Suse Suse Linux Enterprise Server 11
1 EDB exploit
7.5
CVSSv2
CVE-2022-21724
pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin ...
Postgresql Postgresql Jdbc Driver
Postgresql Postgresql Jdbc Driver 42.3.2
Fedoraproject Fedora 35
Quarkus Quarkus
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
8 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »