Skip to main content

PostgreSQL

413 CVEs product

Monthly

CVE-2017-7485 MEDIUM This Month

In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PostgreSQL Information Disclosure
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2017-7484 HIGH This Week

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2017-5585 HIGH POC This Week

OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PostgreSQL Documentum Content Server
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2016-5424 HIGH PATCH This Week

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PostgreSQL Debian Linux
NVD
CVSS 3.0
7.1
EPSS
1.7%
CVE-2016-5423 HIGH PATCH This Week

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Null Pointer Dereference RCE PostgreSQL Debian Linux
NVD
CVSS 3.0
8.3
EPSS
3.4%
CVE-2016-3480 MEDIUM PATCH This Month

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect confidentiality via vectors related to HA for Postgresql. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

PostgreSQL Information Disclosure Oracle Solaris Cluster
NVD
CVSS 3.0
4.4
EPSS
0.1%
CVE-2015-4644 HIGH This Week

The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service PHP PostgreSQL Enterprise Linux
NVD
CVSS 3.0
7.5
EPSS
9.9%
CVE-2015-7502 MEDIUM This Month

Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Red Hat Information Disclosure PostgreSQL Cloudforms Management Engine Cloudforms
NVD
CVSS 3.0
5.1
EPSS
0.1%
CVE-2016-3065 CRITICAL PATCH Act Now

The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Privilege Escalation PostgreSQL
NVD
CVSS 3.0
9.1
EPSS
1.1%
CVE-2016-2193 HIGH PATCH This Week

PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass PostgreSQL
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2016-0773 HIGH Act Now

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.5% and no vendor patch available.

Denial Of Service Buffer Overflow PostgreSQL Ubuntu Linux Debian Linux
NVD
CVSS 3.0
7.5
EPSS
12.5%
CVE-2016-0766 HIGH This Week

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL Ubuntu Linux Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2015-5289 MEDIUM This Month

Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow PostgreSQL Debian Linux Ubuntu Linux
NVD
CVSS 2.0
6.4
EPSS
10.0%
CVE-2015-5288 MEDIUM This Month

The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure PostgreSQL
NVD
CVSS 2.0
6.4
EPSS
8.9%
CVE-2015-3165 MEDIUM This Month

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service PostgreSQL Ubuntu Linux Debian Linux Mac Os X Server
NVD
CVSS 2.0
4.3
EPSS
9.7%
CVE-2015-3427 HIGH This Week

Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PostgreSQL Quassel Debian Linux
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2015-1352 MEDIUM POC THREAT This Month

The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 30.9%.

Denial Of Service PHP PostgreSQL Mac Os X
NVD
CVSS 2.0
5.0
EPSS
30.9%
CVE-2015-1456 MEDIUM This Month

Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Information Disclosure Fortinet Fortiauthenticator
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-1455 HIGH This Week

Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet PostgreSQL Authentication Bypass Fortiauthenticator
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-9576 MEDIUM POC This Month

VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PostgreSQL Information Disclosure Microsoft Vdg Sense
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-3561 LOW Monitor

The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure PostgreSQL Enterprise Virtualization
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3483 Ruby HIGH PATCH This Week

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi PostgreSQL Rails
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-3482 Ruby HIGH PATCH This Week

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi PostgreSQL Rails Ruby On Rails
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2013-1941 MEDIUM This Month

The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Owncloud Owncloud Server
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-2669 MEDIUM This Month

Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow PostgreSQL
NVD GitHub VulDB
CVSS 2.0
6.5
EPSS
1.2%
CVE-2014-0067 MEDIUM This Month

The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL Mac Os X Mac Os X Server
NVD VulDB
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-0066 MEDIUM This Month

The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service PostgreSQL
NVD VulDB
CVSS 2.0
4.0
EPSS
1.5%
CVE-2014-0065 MEDIUM This Month

Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow PostgreSQL
NVD VulDB
CVSS 2.0
6.5
EPSS
4.1%
CVE-2014-0064 MEDIUM This Month

Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow PostgreSQL
NVD GitHub VulDB
CVSS 2.0
6.5
EPSS
6.7%
CVE-2014-0063 MEDIUM This Month

Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow PostgreSQL
NVD GitHub VulDB
CVSS 2.0
6.5
EPSS
6.0%
CVE-2014-0062 MEDIUM This Month

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Race Condition PostgreSQL
NVD VulDB
CVSS 2.0
4.9
EPSS
0.4%
CVE-2014-0061 MEDIUM This Month

The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL
NVD VulDB
CVSS 2.0
6.5
EPSS
0.8%
CVE-2014-0060 MEDIUM This Month

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL
NVD VulDB
CVSS 2.0
4.0
EPSS
0.5%
CVE-2014-0080 Ruby MEDIUM PATCH This Month

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

SQLi PostgreSQL Rails
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-6404 MEDIUM POC PATCH This Month

Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation PostgreSQL Quassel Irc
NVD GitHub
CVSS 2.0
4.0
EPSS
0.4%
CVE-2013-4422 MEDIUM This Month

SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

SQLi PostgreSQL Quassel Irc
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2013-3279 MEDIUM This Month

EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Atmos
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-1903 CRITICAL Act Now

PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL
NVD
CVSS 2.0
10.0
EPSS
0.5%
CVE-2013-1902 CRITICAL Act Now

PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL
NVD
CVSS 2.0
10.0
EPSS
0.5%
CVE-2013-1901 MEDIUM This Month

PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL Ubuntu Linux
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-1900 HIGH This Week

PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

OpenSSL Information Disclosure PostgreSQL Ubuntu Linux
NVD
CVSS 2.0
8.5
EPSS
0.6%
CVE-2013-1899 MEDIUM POC THREAT This Month

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.1%.

Code Injection Denial Of Service PostgreSQL RCE Ubuntu Linux
NVD
CVSS 2.0
6.5
EPSS
81.1%
Threat
5.2
CVE-2013-0255 MEDIUM This Month

PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service PostgreSQL
NVD
CVSS 2.0
6.8
EPSS
3.7%
CVE-2012-4575 MEDIUM This Month

The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service PostgreSQL Pgbouncer
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2012-1618 Maven HIGH PATCH This Week

Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi PostgreSQL Postgresql Jdbc Driver
NVD
CVSS 2.0
7.5
EPSS
1.9%
CVE-2012-3489 MEDIUM PATCH This Month

The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE PostgreSQL Opensuse Mac Os X Server Ubuntu Linux +5
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2012-3488 MEDIUM This Month

The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation XXE PostgreSQL
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2012-1151 MEDIUM This Month

Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service PostgreSQL Perl
NVD
CVSS 2.0
5.0
EPSS
2.5%
CVE-2012-2655 MEDIUM This Month

PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service PostgreSQL
NVD
CVSS 2.0
4.0
EPSS
1.4%
CVE-2012-0868 MEDIUM This Month

CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

SQLi PostgreSQL
NVD
CVSS 2.0
6.8
EPSS
4.4%
CVE-2012-0867 MEDIUM This Month

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure PostgreSQL Opensuse Debian Linux Desktop Workstation +7
NVD
CVSS 2.0
4.3
EPSS
1.9%
CVE-2012-0866 MEDIUM This Month

CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL
NVD
CVSS 2.0
6.5
EPSS
1.1%
CVE-2012-2143 MEDIUM PATCH This Month

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure PostgreSQL Freebsd PHP Debian Linux
NVD
CVSS 2.0
4.3
EPSS
3.0%
EPSS 1% CVSS 5.9
MEDIUM This Month

In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PostgreSQL Information Disclosure
NVD
EPSS 1% CVSS 7.5
HIGH This Week

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PostgreSQL Documentum Content Server
NVD
EPSS 2% CVSS 7.1
HIGH PATCH This Week

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PostgreSQL +1
NVD
EPSS 3% CVSS 8.3
HIGH PATCH This Week

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Null Pointer Dereference RCE +2
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect confidentiality via vectors related to HA for Postgresql. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

PostgreSQL Information Disclosure Oracle +1
NVD
EPSS 10% CVSS 7.5
HIGH This Week

The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service PHP PostgreSQL +1
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Red Hat Information Disclosure PostgreSQL +2
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Privilege Escalation PostgreSQL
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass PostgreSQL
NVD
EPSS 12% CVSS 7.5
HIGH Act Now

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.5% and no vendor patch available.

Denial Of Service Buffer Overflow PostgreSQL +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL Ubuntu Linux +1
NVD
EPSS 10% CVSS 6.4
MEDIUM This Month

Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow PostgreSQL +2
NVD
EPSS 9% CVSS 6.4
MEDIUM This Month

The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure PostgreSQL
NVD
EPSS 10% CVSS 4.3
MEDIUM This Month

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service PostgreSQL Ubuntu Linux +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PostgreSQL Quassel +1
NVD
EPSS 31% CVSS 5.0
MEDIUM POC THREAT This Month

The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 30.9%.

Denial Of Service PHP PostgreSQL +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Information Disclosure Fortinet +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet PostgreSQL Authentication Bypass +1
NVD
EPSS 0% CVSS 5.0
MEDIUM POC This Month

VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PostgreSQL Information Disclosure Microsoft +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure PostgreSQL +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi PostgreSQL Rails
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi PostgreSQL Rails +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Owncloud +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow PostgreSQL
NVD GitHub VulDB
EPSS 0% CVSS 4.6
MEDIUM This Month

The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL Mac Os X +1
NVD VulDB
EPSS 1% CVSS 4.0
MEDIUM This Month

The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service PostgreSQL
NVD VulDB
EPSS 4% CVSS 6.5
MEDIUM This Month

Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow PostgreSQL
NVD VulDB
EPSS 7% CVSS 6.5
MEDIUM This Month

Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow PostgreSQL
NVD GitHub VulDB
EPSS 6% CVSS 6.5
MEDIUM This Month

Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 4.9
MEDIUM This Month

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Race Condition PostgreSQL
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL
NVD VulDB
EPSS 1% CVSS 4.0
MEDIUM This Month

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

SQLi PostgreSQL Rails
NVD
EPSS 0% CVSS 4.0
MEDIUM POC PATCH This Month

Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation PostgreSQL Quassel Irc
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM This Month

SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

SQLi PostgreSQL Quassel Irc
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Atmos
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL Ubuntu Linux
NVD
EPSS 1% CVSS 8.5
HIGH This Week

PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

OpenSSL Information Disclosure PostgreSQL +1
NVD
EPSS 81% 5.2 CVSS 6.5
MEDIUM POC THREAT This Month

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.1%.

Code Injection Denial Of Service PostgreSQL +2
NVD
EPSS 4% CVSS 6.8
MEDIUM This Month

PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service PostgreSQL
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service PostgreSQL +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi PostgreSQL Postgresql Jdbc Driver
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE PostgreSQL Opensuse +7
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation XXE PostgreSQL
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service PostgreSQL Perl
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service PostgreSQL
NVD
EPSS 4% CVSS 6.8
MEDIUM This Month

CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

SQLi PostgreSQL
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure PostgreSQL Opensuse +9
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL
NVD
EPSS 3% CVSS 4.3
MEDIUM PATCH This Month

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure PostgreSQL Freebsd +2
NVD
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy