National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:postgresql:postgresql:6.2
There are 30 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2015-3167

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.

Published: November 20, 2019; 04:15:11 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-3166

The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.

Published: November 20, 2019; 04:15:11 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-10211

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory.

Published: October 29, 2019; 03:15:16 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-10210

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file.

Published: October 29, 2019; 03:15:16 PM -04:00
V3.1: 7.0 HIGH
    V2: 1.9 LOW
CVE-2016-7048

The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.

Published: August 20, 2018; 05:29:00 PM -04:00
V3.0: 8.1 HIGH
    V2: 9.3 HIGH
CVE-2018-1115

postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.

Published: May 10, 2018; 03:29:00 PM -04:00
V3.0: 9.1 CRITICAL
    V2: 6.4 MEDIUM
CVE-2017-14798

A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.

Published: March 01, 2018; 03:29:00 PM -05:00
V3.0: 7.0 HIGH
    V2: 6.9 MEDIUM
CVE-2016-0768

PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.

Published: June 06, 2017; 02:29:00 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2017-7484

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.

Published: May 12, 2017; 03:29:00 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2016-5424

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.

Published: December 09, 2016; 06:59:02 PM -05:00
V3.0: 7.1 HIGH
    V2: 4.6 MEDIUM
CVE-2016-5423

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.

Published: December 09, 2016; 06:59:00 PM -05:00
V3.0: 8.3 HIGH
    V2: 6.5 MEDIUM
CVE-2016-0773

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.

Published: February 17, 2016; 10:59:02 AM -05:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2016-0766

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.

Published: February 17, 2016; 10:59:01 AM -05:00
V3.0: 8.8 HIGH
    V2: 9.0 HIGH
CVE-2015-5289

Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.

Published: October 26, 2015; 10:59:02 AM -04:00
    V2: 6.4 MEDIUM
CVE-2015-5288

The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.

Published: October 26, 2015; 10:59:01 AM -04:00
    V2: 6.4 MEDIUM
CVE-2015-3165

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.

Published: May 28, 2015; 10:59:06 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-0067

The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.

Published: March 31, 2014; 10:58:15 AM -04:00
    V2: 4.6 MEDIUM
CVE-2014-0066

The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.

Published: March 31, 2014; 10:58:15 AM -04:00
    V2: 4.0 MEDIUM
CVE-2014-0065

Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.

Published: March 31, 2014; 10:58:15 AM -04:00
    V2: 6.5 MEDIUM
CVE-2014-0064

Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.

Published: March 31, 2014; 10:58:15 AM -04:00
    V2: 6.5 MEDIUM