Postgresql

166 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 0.31%
  • Published 29.10.2019 19:15:16
  • Last modified 21.11.2024 04:18:39

A flaw was discovered in PostgreSQL versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker,...

  • EPSS 0.44%
  • Published 29.10.2019 19:15:16
  • Last modified 21.11.2024 04:18:39

PostgreSQL, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.

  • EPSS 0.28%
  • Published 29.10.2019 19:15:16
  • Last modified 21.11.2024 04:18:39

PostgreSQL Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file.

  • EPSS 1.6%
  • Published 29.10.2019 19:15:16
  • Last modified 21.11.2024 04:18:39

PostgreSQL Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory.

  • EPSS 0.47%
  • Published 30.07.2019 17:15:12
  • Last modified 21.11.2024 04:18:28

A vulnerability was found in PostgreSQL versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table s...

  • EPSS 0.24%
  • Published 30.07.2019 17:15:12
  • Last modified 21.11.2024 04:18:28

A vulnerability was found in PostgreSQL versions 11.x up to (excluding) 11.3, 10.x up to (excluding) 10.8, 9.6.x up to (excluding) 9.6.13, 9.5.x up to (excluding) 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histog...

  • EPSS 5.24%
  • Published 26.06.2019 16:15:09
  • Last modified 21.11.2024 04:18:33

PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often su...

Exploit
  • EPSS 93.72%
  • Published 01.04.2019 21:30:45
  • Last modified 21.11.2024 04:51:10

In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled b...

  • EPSS 1.54%
  • Published 13.11.2018 15:29:00
  • Last modified 21.11.2024 03:53:26

PostgreSQL before versions 11.1, 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser ...

  • EPSS 9.57%
  • Published 20.08.2018 21:29:00
  • Last modified 21.11.2024 02:57:21

The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.