The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of PostgreSQL

PostgreSQL: four vulnerabilities
An attacker can use several vulnerabilities of PostgreSQL...
CVE-2019-10208, CVE-2019-10209, CVE-2019-10210, CVE-2019-10211, DLA-1874-1, DSA-4492-1, DSA-4493-1, openSUSE-SU-2019:2062-1, SUSE-SU-2019:2158-1, SUSE-SU-2019:2159-1, SUSE-SU-2019:2228-1, SUSE-SU-2019:2707-1, USN-4090-1, VIGILANCE-VUL-29986
PostgreSQL: buffer overflow via Password Change
An attacker can trigger a buffer overflow via Password Change of PostgreSQL, in order to trigger a denial of service, and possibly to run code...
CVE-2019-10164, openSUSE-SU-2019:1773-1, SUSE-SU-2019:1783-1, SUSE-SU-2019:1783-2, SUSE-SU-2019:1810-1, USN-4027-1, VIGILANCE-VUL-29583
PostgreSQL: information disclosure via INSERT requests
A local attacker can read a memory fragment via INSERT of PostgreSQL, in order to obtain sensitive information...
CVE-2019-10129, USN-3972-1, VIGILANCE-VUL-29263
PostgreSQL: information disclosure via indexes
An attacker can use some operators in a SQL request to PostgreSQL, in order to retrieve some values from a forbidden column...
CVE-2019-10130, DSA-4439-1, openSUSE-SU-2019:1578-1, openSUSE-SU-2019:1668-1, openSUSE-SU-2019:1773-1, SUSE-SU-2019:1511-1, SUSE-SU-2019:1687-1, SUSE-SU-2019:1810-1, USN-3972-1, VIGILANCE-VUL-29262
PostgreSQL: privilege escalation via the Windows installer
The PostgreSQL installer for MS-Windows does not correctly define some permissions...
CVE-2019-10127, CVE-2019-10128, DLA-1784-1, VIGILANCE-VUL-29264
PostgreSQL: SQL injection via pg_upgrade/pg_dump
An attacker can use a SQL injection via pg_upgrade/pg_dump of PostgreSQL, in order to read or alter data...
528379, CVE-2018-16850, DLA-1642-1, DSA-2018-208, openSUSE-SU-2018:3893-1, openSUSE-SU-2018:4031-1, RHSA-2018:3757-01, SUSE-SU-2018:3770-1, SUSE-SU-2018:3770-2, USN-3818-1, VIGILANCE-VUL-27738
PostgreSQL: information disclosure via CONFLICT DO UPDATE
A local attacker can read a memory fragment via CONFLICT DO UPDATE of PostgreSQL, in order to obtain sensitive information...
528379, CVE-2018-10925, DSA-2018-208, DSA-4269-1, FEDORA-2018-d8f5aea89d, openSUSE-SU-2018:2599-1, openSUSE-SU-2018:3449-1, RHSA-2018:2511-01, RHSA-2018:2565-01, RHSA-2018:2566-01, SUSE-SU-2018:2564-1, SUSE-SU-2018:3377-1, USN-3744-1, VIGILANCE-VUL-26960
PostgreSQL: privilege escalation via Libpq Host Connection Parameters
An attacker can bypass restrictions via Libpq Host Connection Parameters of PostgreSQL, in order to escalate their privileges...
528379, CVE-2018-10915, DLA-1464-1, DSA-2018-208, DSA-2019-131, DSA-4269-1, FEDORA-2018-d8f5aea89d, openSUSE-SU-2018:2599-1, openSUSE-SU-2018:3449-1, openSUSE-SU-2018:4007-1, RHSA-2018:2511-01, RHSA-2018:2557-01, RHSA-2018:2565-01, RHSA-2018:2566-01, SUSE-SU-2018:2564-1, SUSE-SU-2018:3287-1, SUSE-SU-2018:3377-1, SUSE-SU-2018:3909-1, USN-3744-1, VIGILANCE-VUL-26959
PostgreSQL: log rotation via adminpack pg_logfile_rotate
An attacker can bypass restrictions via adminpack pg_logfile_rotate() of PostgreSQL, in order to rotate logs...
CVE-2018-1115, FEDORA-2018-08550a9006, FEDORA-2018-937c789f2a, FEDORA-2018-bd6f9237b5, openSUSE-SU-2018:1709-1, openSUSE-SU-2018:1900-1, openSUSE-SU-2018:2599-1, RHSA-2018:2565-01, RHSA-2018:2566-01, SUSE-SU-2018:1695-1, SUSE-SU-2018:2564-1, VIGILANCE-VUL-26093
PostgreSQL: privilege escalation via function search paths
An attacker can define SQL functions with the same names as built-in functions of PostgreSQL, in order to make users run them with their own privileges...
CVE-2018-1058, DSA-2019-131, FEDORA-2018-2999cf6426, FEDORA-2018-a32082df51, openSUSE-SU-2018:0736-1, openSUSE-SU-2018:0765-1, openSUSE-SU-2018:0890-1, RHSA-2018:2511-01, RHSA-2018:2566-01, USN-3589-1, VIGILANCE-VUL-25416