Vulnerabilities (CVE)

Filtered by vendor Postgresql Subscribe
Total 171 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-0985 1 Postgresql 1 Postgresql 2024-06-20 N/A 8.0 HIGH
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected.
CVE-2024-1597 2 Fedoraproject, Postgresql 2 Fedora, Postgresql Jdbc Driver 2024-06-10 N/A 9.8 CRITICAL
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.
CVE-2024-24213 1 Postgresql 1 Postgresql 2024-05-17 N/A 9.8 CRITICAL
Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically, /pg_meta/default/query is for SQL queries that are entered in an intended UI by an authorized user. Nothing is injected.
CVE-2022-26520 2 Debian, Postgresql 2 Debian Linux, Postgresql Jdbc Driver 2024-05-17 7.5 HIGH 9.8 CRITICAL
In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties
CVE-2020-21469 1 Postgresql 1 Postgresql 2024-05-17 N/A 4.4 MEDIUM
An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access, or a user with sufficient privileges at the OS level (the postgres account or the root account).
CVE-2019-9193 1 Postgresql 1 Postgresql 2024-05-17 9.0 HIGH 7.2 HIGH
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.
CVE-2011-2483 3 Openwall, Php, Postgresql 3 Crypt Blowfish, Php, Postgresql 2024-04-23 5.0 MEDIUM N/A
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
CVE-2017-8806 3 Canonical, Debian, Postgresql 3 Ubuntu Linux, Debian Linux, Postgresql 2024-04-01 3.6 LOW 5.5 MEDIUM
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
CVE-2022-41946 2 Debian, Postgresql 2 Debian Linux, Postgresql Jdbc Driver 2024-03-29 N/A 5.5 MEDIUM
pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability.
CVE-2012-2143 4 Debian, Freebsd, Php and 1 more 4 Debian Linux, Freebsd, Php and 1 more 2024-03-14 4.3 MEDIUM N/A
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
CVE-2023-39417 3 Debian, Postgresql, Redhat 4 Debian Linux, Postgresql, Enterprise Linux and 1 more 2024-02-16 N/A 8.8 HIGH
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
CVE-2023-39418 3 Debian, Postgresql, Redhat 3 Debian Linux, Postgresql, Enterprise Linux 2024-02-16 N/A 4.3 MEDIUM
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.
CVE-2012-3489 6 Apple, Canonical, Debian and 3 more 9 Mac Os X Server, Ubuntu Linux, Debian Linux and 6 more 2024-02-15 4.0 MEDIUM 6.5 MEDIUM
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.
CVE-2009-3231 5 Canonical, Fedoraproject, Opensuse and 2 more 6 Ubuntu Linux, Fedora, Opensuse and 3 more 2024-02-13 6.8 MEDIUM N/A
The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
CVE-2002-1657 1 Postgresql 1 Postgresql 2024-02-09 5.0 MEDIUM 7.5 HIGH
PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.
CVE-2005-0246 1 Postgresql 1 Postgresql 2024-02-05 5.0 MEDIUM N/A
The intagg contrib module for PostgreSQL 8.0.0 and earlier allows attackers to cause a denial of service (crash) via crafted arrays.
CVE-2004-0977 4 Mandrakesoft, Postgresql, Redhat and 1 more 6 Mandrake Linux, Mandrake Linux Corporate Server, Postgresql and 3 more 2024-02-02 2.1 LOW N/A
The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.
CVE-2023-32305 2 Aiven, Postgresql 2 Aiven, Postgresql 2024-02-01 N/A 8.8 HIGH
aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions. And could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. The issue has been patched as of version 1.1.9.
CVE-2023-5870 2 Postgresql, Redhat 16 Postgresql, Codeready Linux Builder Eus, Codeready Linux Builder Eus For Power Little Endian Eus and 13 more 2024-01-25 N/A 4.4 MEDIUM
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
CVE-2023-5869 2 Postgresql, Redhat 21 Postgresql, Codeready Linux Builder Eus, Codeready Linux Builder Eus For Power Little Endian Eus and 18 more 2024-01-25 N/A 8.8 HIGH
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.