CVE-2022-1552 | AVG-2719 | High | Yes | Privilege escalation | Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck made incomplete efforts to operate safely when a privileged user is... |
CVE-2021-32029 | AVG-1956 | Medium | Yes | Information disclosure | A security issue was found in PostgreSQL before version 13.3. Using an UPDATE ... RETURNING on a purpose-crafted partitioned table, an attacker can read... |
CVE-2021-32028 | AVG-1956 | Medium | Yes | Information disclosure | A security issue was found in PostgreSQL before version 13.3. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an attacker... |
CVE-2021-32027 | AVG-1956 | Medium | Yes | Arbitrary code execution | A security issue was found in PostgreSQL before version 13.3. While modifying certain SQL array values, missing bounds checks let authenticated database... |
CVE-2021-23222 | AVG-2547 | Low | Yes | Man-in-the-middle | A security issue has been found in PostgreSQL versions 9.6 up to 14. A man-in-the-middle attacker can inject false responses to the client's first few... |
CVE-2021-23214 | AVG-2546 | High | Yes | Man-in-the-middle | A security issue has been found in PostgreSQL versions 9.6 up to 14. When the server is configured to use trust authentication with a clientcert requirement... |
CVE-2021-20229 | AVG-1567 | Medium | Yes | Information disclosure | A security issue was found in PostgreSQL 13 before version 13.2. A user having a SELECT privilege on an individual column can craft a special query that... |
CVE-2021-3677 | AVG-2290 | Medium | Yes | Information disclosure | A security issue has been found in PostgreSQL before version 13.4. A purpose-crafted query can read arbitrary bytes of server memory. In the default... |
CVE-2021-3393 | AVG-1567 | Medium | Yes | Information disclosure | A security issue was found in PostgreSQL 11 to 13 before version 13.2. A user having an UPDATE privilege on a partitioned table but lacking the SELECT... |
CVE-2020-25696 | AVG-1276 | Medium | Yes | Arbitrary code execution | A security issue has been found in PostgreSQL before 12.5, where psql's \gset allows overwriting specially treated variables. The \gset meta-command, which... |
CVE-2020-25695 | AVG-1276 | High | Yes | Sandbox escape | A security issue has been found in PostgreSQL before 12.5, where an attacker having permission to create non-temporary objects in at least one schema can... |
CVE-2020-25694 | AVG-1276 | Low | Yes | Silent downgrade | A security issue has been found in PostgreSQL before 12.5. Many PostgreSQL-provided client applications have options that create additional database... |
CVE-2019-10209 | AVG-1019 | Low | Yes | Information disclosure | An issue has been found in PostgreSQL >= 11.0 and < 11.5. In a database containing hypothetical, user-defined hash equality operators, an attacker could... |
CVE-2019-10208 | AVG-1019 | Medium | Yes | Access restriction bypass | A security issue has been found in PostgreSQL < 11.5 where given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the... |
CVE-2018-1058 | AVG-643 | High | Yes | Privilege escalation | A flaw was found in the way PostgreSQL allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw... |
CVE-2017-15099 | AVG-485 | Medium | Yes | Access restriction bypass | An access restriction bypass vulnerability has been discovered in PostgreSQL; the "INSERT ... ON CONFLICT DO UPDATE" would not check to see if the executing... |
CVE-2017-15098 | AVG-485 | Medium | Yes | Information disclosure | A denial of service and potential memory disclosure vulnerability has been discovered in PostgreSQL in the json_populate_recordset() and... |
CVE-2017-12172 | AVG-487 | High | No | Privilege escalation | A vulnerability has been discovered in PostgreSQL when the startup log file for the postmaster (in newer releases, "postgres") process was opened while the... |
CVE-2017-7548 | AVG-381 | Medium | Yes | Access restriction bypass | An authorization flaw was found in the way PostgreSQL handled large objects. A remote authenticated attacker with no privileges on a large object could... |
CVE-2017-7547 | AVG-381 | High | Yes | Information disclosure | An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could... |
CVE-2017-7546 | AVG-381 | Medium | Yes | Authentication bypass | It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A... |
CVE-2017-7486 | AVG-272 | Medium | Yes | Information disclosure | A security issue has been found in PostgreSQL < 9.6.3, where the pg_user_mappings view disclosed user mapping options to any user having USAGE privilege on... |
CVE-2017-7484 | AVG-272 | Medium | Yes | Information disclosure | A security issue has been found in PostgreSQL < 9.6.3, where some selectivity estimation functions did not check user privileges before providing... |