Vulnerabilities (CVE)

108 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-9193 1 Postgresql 1 Postgresql 2019-05-13 9.0
** DISPUTED ** In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_read_server_files' group to execute arbitrary code in the context of the database's operating system user. This...
CVE-2018-1058 3 Postgresql, Redhat, Canonical 3 Postgresql, Cloudforms, Ubuntu Linux 2019-03-25 6.5
A flaw was found in the way PostgreSQL allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through...
CVE-2018-1115 1 Postgresql 1 Postgresql 2019-03-21 6.4
PostgreSQL before versions 10.4 and 9.6.9 is vulnerable in the adminpack extension: the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs as pg_rotate_logfile. If the adminpack is added to a database, an attacker able to connect...
CVE-2018-1053 4 Postgresql, Debian, Redhat and 1 more 4 Postgresql, Debian Linux, Cloudforms and 1 more 2019-03-18 3.3
In PostgreSQL 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates a file in the current working directory containing the output of `pg_dumpall -g` under umask which was in effect...
CVE-2018-16850 3 Postgresql, Canonical, Redhat 3 Postgresql, Ubuntu Linux, Enterprise Linux 2018-12-18 7.5
PostgreSQL before versions 11.1 and 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with...
CVE-2018-10925 3 Postgresql, Canonical, Debian 3 Postgresql, Ubuntu Linux, Debian Linux 2018-12-14 5.5
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges...
CVE-2018-10915 4 Postgresql, Redhat, Canonical and 1 more 9 Postgresql, Openstack, Virtualization and 6 more 2018-12-14 6.0
A vulnerability was found in libpq, the default PostgreSQL client library, where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from...
CVE-2007-4772 4 Postgresql, Tcl Tk, Canonical and 1 more 4 Postgresql, Tcl Tk, Ubuntu Linux and 1 more 2018-10-26 4.0
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted...
CVE-2007-2138 3 Postgresql, Canonical, Debian 3 Postgresql, Ubuntu Linux, Debian Linux 2018-10-19 6.0
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain...
CVE-2006-0678 1 Postgresql 1 Postgresql 2018-10-19 1.5
PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service (server crash) via a crafted SET SESSION AUTHORIZATION command, a...
CVE-2006-0553 1 Postgresql 1 Postgresql 2018-10-19 6.5
PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to gain additional privileges via "knowledge of the backend protocol" using a crafted SET ROLE to other database users, a different vulnerability than CVE-2006-0678.
CVE-2006-0105 1 Postgresql 1 Postgresql 2018-10-19 5.0
PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on Windows, allows remote attackers to cause a denial of service (postmaster exit and no new connections) via a large number of simultaneous connection requests.
CVE-2005-1410 2 Postgresql, Trustix 2 Postgresql, Secure Linux 2018-10-19 2.1
The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to...
CVE-2005-1409 1 Postgresql 1 Postgresql 2018-10-19 7.5
PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability."
CVE-2006-2314 1 Postgresql 1 Postgresql 2018-10-18 7.5
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that...
CVE-2006-2313 1 Postgresql 1 Postgresql 2018-10-18 7.5
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte...
CVE-2007-3280 1 Postgresql 1 Postgresql 2018-10-16 9.0
The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from...
CVE-2007-3279 1 Postgresql 1 Postgresql 2018-10-16 10.0
PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions...
CVE-2007-3278 1 Postgresql 1 Postgresql 2018-10-16 6.9
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host...
CVE-2007-0556 1 Postgresql 1 Postgresql 2018-10-16 6.6
The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server...