|Max CVSS||7.6||Min CVSS||3.5||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untru
|04-08-2021 - 17:14||09-08-2018 - 20:29|
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attac
|15-12-2020 - 19:37||23-11-2020 - 22:15|
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et
|17-08-2020 - 19:15||17-03-2020 - 16:15|
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.
|09-10-2019 - 23:24||27-07-2018 - 20:29|
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having
|03-10-2019 - 00:03||16-08-2017 - 18:29|
PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.
|05-01-2018 - 02:31||12-05-2017 - 19:29|