Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
postgresql postgresql vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2010-0442
The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstra...
Postgresql Postgresql
1 EDB exploit
4.4
CVSSv2
CVE-2020-10733
The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having perm...
Postgresql Postgresql
6.5
CVSSv2
CVE-2019-10208
A flaw exists in postgresql versions 9.4.x prior to 9.4.24, 9.5.x prior to 9.5.19, 9.6.x prior to 9.6.15, 10.x prior to 10.10 and 11.x prior to 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on ...
Postgresql Postgresql
4.3
CVSSv2
CVE-2005-0227
PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension.
Postgresql Postgresql
5
CVSSv2
CVE-2016-0768
PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.
Postgresql Postgresql
4
CVSSv2
CVE-2021-32028
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.
Postgresql Postgresql
4.3
CVSSv2
CVE-2019-10127
A vulnerability was found in postgresql versions 11.x before 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, an a...
Postgresql Postgresql
4.1
CVSSv2
CVE-2019-10128
A vulnerability was found in postgresql versions 11.x before 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration...
Postgresql Postgresql
4
CVSSv2
CVE-2019-10129
A vulnerability was found in postgresql versions 11.x before 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploi...
Postgresql Postgresql
NA
CVE-2024-24213
Supabase PostgreSQL v15.1 exists to contain a SQL injection vulnerability via the component /pg_meta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specif...
Postgresql Postgresql 15.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »