postgresql

186 tracked vulnerabilities.

CVE-2024-0985 HIGH
PostgreSQL 12.0-12.17 - Privilege Escalation via REFRESH MATERIALIZED VIEW CONCURRENTLY
Feb 08, 2024
CVSS 8.0
EPSS 0.01
CVE-2023-5870 LOW
PostgreSQL >=11.0 <11.22 - Denial of Service via pg_cancel_backend Role
Dec 10, 2023
CVSS 2.2
EPSS 0.01
CVE-2023-5869 HIGH
PostgreSQL >=11.0 <11.22 - Authenticated Remote Code Execution via SQL Array Value Modification
Dec 10, 2023
CVSS 8.8
EPSS 0.02
CVE-2023-5868 MEDIUM
PostgreSQL - Info Disclosure
Dec 10, 2023
CVSS 4.3
EPSS 0.03
CVE-2023-39418 LOW
PostgreSQL 15.0-15.3 - Insufficient Granularity of Access Control via MERGE Command
Aug 11, 2023
CVSS 3.1
EPSS 0.00
CVE-2023-39417 HIGH
PostgreSQL >=11.0 <11.21 - SQL Injection via Extension Script Quoting Constructs
Aug 11, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-2455 MEDIUM
PostgreSQL 11.0-11.19 - Incorrect Row Security Policy Application via Role Change
Jun 09, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-2454 HIGH
PostgreSQL >=11.0 <11.20 - Authenticated Remote Code Execution via schema_element
Jun 09, 2023
CVSS 7.2
EPSS 0.00
CVE-2022-41862 LOW
PostgreSQL 12.0-12.13 - Exposure of Sensitive Information via Kerberos Transport Encryption
Mar 03, 2023
CVSS 3.7
EPSS 0.00
CVE-2022-41946 MEDIUM
PostgreSQL JDBC Driver 42.2.0-42.2.27 - Insecure Temporary File Creation via InputStream Handling
Nov 23, 2022
CVSS 4.7
EPSS 0.00
CVE-2022-1552 HIGH
PostgreSQL 10.0-10.20 - SQL Injection via Multiple Commands
Aug 31, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-2625 HIGH
PostgreSQL - Arbitrary Code Execution via Extension Schema Object Hijacking
Aug 18, 2022
CVSS 8.0
EPSS 0.01
CVE-2022-31197 HIGH
PostgreSQL JDBC Driver - SQL Injection
Aug 03, 2022
CVSS 7.1
EPSS 0.02
CVE-2022-26520 CRITICAL
PostgreSQL JDBC Driver 42.1.0-42.3.2 - Arbitrary File Write via loggerFile and loggerLevel Connection Properties
Mar 10, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-21724 HIGH
PostgreSQL JDBC Driver pgjdbc - Plugin Class Code Execution
Feb 02, 2022
CVSS 7.0
EPSS 0.04
CVE-2021-43767 MEDIUM
PostgreSQL 9.6.0-9.6.23 - Improper Certificate Validation
Aug 25, 2022
CVSS 5.9
EPSS 0.00
CVE-2021-23214 HIGH
PostgreSQL Certificate Authentication - SQL Injection via MITM
Mar 04, 2022
CVSS 8.1
EPSS 0.00
CVE-2021-3677 MEDIUM
PostgreSQL 11.0-11.12 - Authenticated Exposure of Sensitive Information via Crafted Query
Mar 02, 2022
CVSS 6.5
EPSS 0.00
CVE-2021-23222 MEDIUM
PostgreSQL 9.6 - SSL Certificate Verification Man-in-the-Middle Injection
Mar 02, 2022
CVSS 5.9
EPSS 0.00
CVE-2021-32028 MEDIUM
PostgreSQL 9.6.0-9.6.21 - Authenticated Exposure of Sensitive Information via INSERT ON CONFLICT DO UPDATE
Oct 11, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-32029 MEDIUM
PostgreSQL 11.0-11.11 - Authenticated Out-of-bounds Read via UPDATE RETURNING Command
Oct 08, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-32027 HIGH
PostgreSQL < 9.6.22, 10.0-10.16, 11.0-11.11, 12.0-12.6, 13.0-13.2 - Authenticated Arbitrary Memory Write
Jun 01, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-3393 MEDIUM
PostgreSQL < 11.11, < 12.6, < 13.2 - Information Disclosure via Error Message
Apr 01, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-20229 MEDIUM
PostgreSQL < 13.2 - Unauthorized Column Access via SELECT Privilege Escalation
Feb 23, 2021
CVSS 4.3
EPSS 0.00
CVE-2020-21469 MEDIUM
PostgreSQL 12.2 - Denial of Service via SIGHUP Signal
Aug 22, 2023
CVSS 4.4
EPSS 0.00