Vulmon
postgresql vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-43036
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. The password for the PostgreSQL wguest account is weak.
Kaseya Unitrends Backup
9.8
CVSSv3
CVE-2021-44427
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) prior to 8.1.1 allows remote malicious users to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
Rosariosis Rosariosis
9.8
CVSSv3
CVE-2021-41558
The set_user extension module prior to 3.0.0 for PostgreSQL allows ProcessUtility_hook bypass via set_config.
Set User Project Set User
9.8
CVSSv3
CVE-2021-38140
The set_user extension module prior to 2.0.1 for PostgreSQL allows a potential privilege escalation using RESET SESSION AUTHORIZATION after set_user().
Set User Project Set User
9.8
CVSSv3
CVE-2021-33204
In the pg_partman (aka PG Partition Manager) extension prior to 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not set.
Pgxn Pg Partman
9.8
CVSSv3
CVE-2020-17446
asyncpg prior to 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.
Magic Asyncpg
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2020-7471
Django 1.11 prior to 1.11.28, 2.2 prior to 2.2.10, and 3.0 prior to 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a s...
Djangoproject Django
11 Github repositories
9.8
CVSSv3
CVE-2015-0244
PostgreSQL prior to 9.0.19, 9.1.x prior to 9.1.15, 9.2.x prior to 9.2.10, 9.3.x prior to 9.3.6, and 9.4.x prior to 9.4.1 does not properly handle errors while reading a protocol message, which allows remote malicious users to conduct SQL injection attacks via crafted binary data ...
Postgresql Postgresql
Debian Debian Linux 7.0
Debian Debian Linux 8.0
9.8
CVSSv3
CVE-2019-19015
An issue exists in TitanHQ WebTitan prior to 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By connecting to the database through the proxy (without password authentication), an attacker i...
Titanhq Webtitan
9.8
CVSSv3
CVE-2012-3460
cumin: At installation postgresql database user created without password
Redhat Enterprise Mrg 2.0