PostgreSQL Global Development Group PostgreSQL vulnerabilities
9 known vulnerabilities affecting postgresql_global_development_group/postgresql.
Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 6, MEDIUM 1
Vulnerabilities
CVE-2015-0244 | CRITICAL | CVSS 9.8 | CWE-89 | versions: before 9.0.19, 9.1.x before 9.1.15, +3 more | 2020-01-27
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part
Sources: cvelistv5, nvd
CVE-2015-0243 | HIGH | CVSS 8.8 | CWE-120 | versions: before 9.0.19, 9.1.x before 9.1.15, +3 more | 2020-01-27
Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
Sources: cvelistv5, nvd
CVE-2015-0241 | HIGH | CVSS 8.8 | CWE-120 | versions: before 9.0.19, 9.1.x before 9.1.15, +3 more | 2020-01-27
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read,
Sources: cvelistv5, nvd
CVE-2015-0242 | HIGH | CVSS 8.8 | CWE-787 | versions: before 9.0.19, 9.1.x before 9.1.15, +3 more | 2020-01-27
Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number wit
Sources: cvelistv5, nvd
CVE-2014-8161 | MEDIUM | CVSS 4.3 | CWE-209 | versions: before 9.0.19, 9.1.x before 9.1.15, +3 more | 2020-01-27
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
Sources: cvelistv5, nvd
CVE-2015-3166 | CRITICAL | CVSS 9.8 | CWE-119 | versions: before 9.0.20, 9.1.x before 9.1.16, +3 more | 2019-11-20
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.
Sources: cvelistv5, nvd
CVE-2015-3167 | HIGH | CVSS 7.5 | CWE-200 | versions: before 9.0.20, 9.1.x before 9.1.16, +3 more | 2019-11-20
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.
Sources: cvelistv5, nvd
CVE-2018-10915 | HIGH | CVSS 7.5 | CWE-89 | versions: 10.5, 9.6.10, +3 more | 2018-08-09
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher pri
Sources: cvelistv5, nvd
CVE-2018-10925 | HIGH | CVSS 8.1 | CWE-863 | versions: 10.5, 9.6.10, +3 more | 2018-08-09
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes of server memory. If the attacker also had certain "INSERT" and limi
Sources: cvelistv5, nvd