The PostgreSQL Global Development Group PostgreSQL vulnerabilities

6 known vulnerabilities affecting the_postgresql_global_development_group/postgresql.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 2

Vulnerabilities

CVE-2018-1058 | HIGH | CVSS 8.8 | v9.3 - 10 | 2018-03-02
CVE-2018-1058 [HIGH] CWE-20: A flaw was found in the way PostgreSQL allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.
Sources: cvelistv5
CVE-2018-1053 | HIGH | CVSS 7.0 | v9.3.x before 9.3.21, v9.4.x before 9.4.16, +3 more | 2018-02-09
CVE-2018-1053 [HIGH] CWE-377: In PostgreSQL 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates a file in the current working directory containing the output of `pg_dumpall -g` under the umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can
Sources: cvelistv5, nvd
CVE-2018-1052 | MEDIUM | CVSS 6.5 | v10.x before 10.2 | 2018-02-09
CVE-2018-1052 [MEDIUM] CWE-200: A memory disclosure vulnerability in table partitioning was found in PostgreSQL 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via a purpose-crafted insert to a partitioned table.
Sources: cvelistv5
CVE-2017-7486 | HIGH | CVSS 7.5 | v8.4 - 9.6 | 2017-05-12
CVE-2017-7486 [HIGH] CWE-522: PostgreSQL versions 8.4 - 9.6 are vulnerable to an information leak in the pg_user_mappings view, which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.
Sources: cvelistv5, nvd
CVE-2017-7484 | HIGH | CVSS 7.5 | v9.2 - 9.6 | 2017-05-12
CVE-2017-7484 [HIGH] CWE-285: It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwi
Sources: cvelistv5
CVE-2017-7485 | MEDIUM | CVSS 5.9 | v9.3 - 9.6 | 2017-05-12
CVE-2017-7485 [MEDIUM] CWE-390: In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing an SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a
Sources: cvelistv5, nvd