Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:postgresql:postgresql:9.3.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-14798 |
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root. Published: March 01, 2018; 3:29:00 PM -0500 |
V3.0: 7.0 HIGH V2.0: 6.9 MEDIUM |
CVE-2018-1053 |
In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file. Published: February 09, 2018; 9:29:00 AM -0500 |
V3.0: 7.0 HIGH V2.0: 3.3 LOW |
CVE-2016-0766 |
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors. Published: February 17, 2016; 10:59:01 AM -0500 |
V3.1: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2015-5289 |
Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values. Published: October 26, 2015; 10:59:02 AM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2010-3781 |
The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, a related issue to CVE-2010-3433. Published: October 06, 2010; 5:00:01 PM -0400 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2009-2943 |
The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. Published: October 22, 2009; 12:30:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |