Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
postgresql postgresql vulnerabilities and exploits
(subscribe to this query)
7.1
CVSSv3
CVE-2020-14349
It was found that PostgreSQL versions prior to 12.4, prior to 11.9 and prior to 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL comma...
Postgresql Postgresql
Opensuse Leap 15.1
Opensuse Leap 15.2
7.1
CVSSv3
CVE-2019-4298
IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have privileges to execute. IBM X-Force ID: 160764.
Ibm Robotic Process Automation With Automation Anywhere
7
CVSSv3
CVE-2020-1707
A vulnerability was found in all openshift/postgresql-apb 4.x.x versions before 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify ...
Redhat Openshift
7
CVSSv3
CVE-2019-10210
Postgresql Windows installer prior to 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file.
Postgresql Postgresql
7
CVSSv3
CVE-2017-14798
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.
Postgresql Postgresql
Suse Suse Linux Enterprise Server 11
1 EDB exploit
6.7
CVSSv3
CVE-2021-3515
A shell injection flaw was found in pglogical in versions prior to 2.3.4 and prior to 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscri...
2ndquadrant Pglogical
6.5
CVSSv3
CVE-2024-22208
phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ ...
Phpmyfaq Phpmyfaq
6.5
CVSSv3
CVE-2024-22202
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an malicious user to spoof another user's detail, and in turn make a compelling phishing case for removing another user's acco...
Phpmyfaq Phpmyfaq
6.5
CVSSv3
CVE-2023-46128
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the `?depth=<N>` query parameter, can expose hashed user passwords a...
Networktocode Nautobot
6.5
CVSSv3
CVE-2023-0241
pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user's settings or alter the database.
Postgresql Pgadmin 4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30065
CVE-2024-5843
CVE-2024-30080
code execution
CVE-2024-4577
CVE-2024-26169
wireless
remote code execution
CVE-2024-36103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »