Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Postgresql
(Postgresql)Repositories | https://github.com/postgres/postgres |
#Vulnerabilities | 155 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2005-05-02 | CVE-2005-0227 | PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension. | Postgresql | N/A | ||
2006-10-26 | CVE-2006-5541 | backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0.x before 8.0.9, and 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via a coercion of an unknown element to ANYARRAY. | Postgresql | N/A | ||
2023-06-09 | CVE-2023-2454 | schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code. | Fedora, Postgresql, Enterprise_linux, Software_collections | 7.2 | ||
2023-06-09 | CVE-2023-2455 | Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads... | Fedora, Postgresql, Enterprise_linux, Software_collections | 5.4 | ||
2017-08-16 | CVE-2017-7548 | PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service. | Debian_linux, Postgresql | 7.5 | ||
2023-03-03 | CVE-2022-41862 | In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. | Fedora, Postgresql, Enterprise_linux, Integration_camel_k, Integration_camel_quarkus, Integration_service_registry | 3.7 | ||
2007-06-19 | CVE-2007-3278 | PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. | Debian_linux, Postgresql | N/A | ||
2010-02-02 | CVE-2010-0442 | The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow." | Postgresql | N/A | ||
2018-08-09 | CVE-2018-10925 | It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table. | Ubuntu_linux, Debian_linux, Postgresql | 8.1 | ||
2010-03-19 | CVE-2010-0733 | Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations. | Postgresql | N/A |