Exposure of PostgreSQL

Databases
Exposure score: 41
Sites use: 9,752
Exploited: 0
Critical: 0

CVEs

83 results
CVE-2025-1094 (HIGH, EPSS 89.5%): PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
CVE-2017-7546 (EPSS 61.6%): PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers
CVE-2020-25695 (EPSS 46.4%): A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker h
CVE-2018-1058 (EPSS 14.1%): A flaw was found in the way PostgreSQL allowed a user to modify the behavior of a query for other users. An attacker with a user account cou
CVE-2022-1552 (EPSS 11.7%): A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another us
CVE-2017-7486 (EPSS 6.3%): PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any us
CVE-2017-15099 (EPSS 6.3%): INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table content
CVE-2017-7547 (EPSS 5.6%): PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attack
CVE-2015-0241 (EPSS 5.5%): The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow
CVE-2018-10915 (HIGH, EPSS 5.2%): A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between co
CVE-2018-16850 (HIGH, EPSS 5.1%): PostgreSQL before versions 11.1, 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Usin
CVE-2015-0243 (EPSS 5.1%): Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and
CVE-2015-0242 (EPSS 5.1%): Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9
CVE-2015-3166 (EPSS 4.6%): The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.
CVE-2024-10979 (HIGH, EPSS 4.4%): PostgreSQL PL/Perl environment variable changes execute arbitrary code
CVE-2015-0244 (EPSS 4.2%): PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle erro
CVE-2018-1115 (MEDIUM, EPSS 4.0%): PostgreSQL before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow
CVE-2015-3167 (EPSS 4.0%): contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses diff
CVE-2017-15098 (EPSS 3.7%): Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before
CVE-2019-10164 (HIGH, EPSS 3.7%): PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user c
