Vulnerabilities (CVE)

Filtered by vendor Postgresql Subscribe
Total 171 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-2143 4 Debian, Freebsd, Php and 1 more 4 Debian Linux, Freebsd, Php and 1 more 2024-03-14 4.3 MEDIUM N/A
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
CVE-2023-2454 3 Fedoraproject, Postgresql, Redhat 4 Fedora, Postgresql, Enterprise Linux and 1 more 2024-02-28 N/A 7.2 HIGH
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
CVE-2023-2455 3 Fedoraproject, Postgresql, Redhat 4 Fedora, Postgresql, Enterprise Linux and 1 more 2024-02-28 N/A 5.4 MEDIUM
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
CVE-2023-32305 2 Aiven, Postgresql 2 Aiven, Postgresql 2024-02-28 N/A 8.8 HIGH
aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions. And could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. The issue has been patched as of version 1.1.9.
CVE-2023-0241 1 Postgresql 1 Pgadmin 4 2024-02-28 N/A 6.5 MEDIUM
pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user's settings or alter the database.
CVE-2022-41862 3 Fedoraproject, Postgresql, Redhat 6 Fedora, Postgresql, Enterprise Linux and 3 more 2024-02-28 N/A 3.7 LOW
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.
CVE-2022-4223 2 Fedoraproject, Postgresql 2 Fedora, Pgadmin 2024-02-28 N/A 8.8 HIGH
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthenticated user to call it with a path of their choosing, such as a UNC path to a server they control on a Windows machine. This would cause an appropriately named executable in the target path to be executed by the pgAdmin server.
CVE-2021-43767 1 Postgresql 1 Postgresql 2024-02-28 N/A 5.9 MEDIUM
Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL.
CVE-2022-31197 3 Debian, Fedoraproject, Postgresql 3 Debian Linux, Fedora, Postgresql Jdbc Driver 2024-02-28 N/A 8.0 HIGH
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. `;`, could lead to SQL injection. This could lead to executing additional SQL commands as the application's JDBC user. User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted. User application that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. The attack requires the attacker to trick the user into executing SQL against a table name who's column names would contain the malicious SQL and subsequently invoke the `refreshRow()` method on the ResultSet. Note that the application's JDBC user and the schema owner need not be the same. A JDBC application that executes as a privileged user querying database schemas owned by potentially malicious less-privileged users would be vulnerable. In that situation it may be possible for the malicious user to craft a schema that causes the application to execute commands as the privileged user. Patched versions will be released as `42.2.26` and `42.4.1`. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2022-2625 3 Fedoraproject, Postgresql, Redhat 3 Fedora, Postgresql, Enterprise Linux 2024-02-28 N/A 8.0 HIGH
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.
CVE-2022-1552 1 Postgresql 1 Postgresql 2024-02-28 N/A 8.8 HIGH
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.
CVE-2021-3677 3 Fedoraproject, Postgresql, Redhat 7 Fedora, Postgresql, Enterprise Linux and 4 more 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting.
CVE-2021-23214 3 Fedoraproject, Postgresql, Redhat 6 Fedora, Postgresql, Enterprise Linux and 3 more 2024-02-28 5.1 MEDIUM 8.1 HIGH
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
CVE-2021-23222 1 Postgresql 1 Postgresql 2024-02-28 4.3 MEDIUM 5.9 MEDIUM
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.
CVE-2022-0959 1 Postgresql 1 Pgadmin 4 2024-02-28 3.5 LOW 6.5 MEDIUM
A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.
CVE-2022-24844 2 Gin-vue-admin Project, Postgresql 2 Gin-vue-admin, Postgresql 2024-02-28 6.5 MEDIUM 8.8 HIGH
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sys_auto_code_pgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occur. Users must: Require JWT login) and be using PostgreSQL to be affected. This issue has been resolved in version 2.5.1. There are no known workarounds.
CVE-2021-32028 1 Postgresql 1 Postgresql 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.
CVE-2021-32029 2 Postgresql, Redhat 2 Postgresql, Jboss Enterprise Application Platform 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.
CVE-2022-21724 4 Debian, Fedoraproject, Postgresql and 1 more 4 Debian Linux, Fedora, Postgresql Jdbc Driver and 1 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.
CVE-2021-32027 2 Postgresql, Redhat 4 Postgresql, Enterprise Linux, Jboss Enterprise Application Platform and 1 more 2024-02-28 6.5 MEDIUM 8.8 HIGH
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.