PostgreSQL Exposure

Databases

Exposure score: 41
Sites using it: 9,752
Under exploitation: 0
Critical: 0

CVEs

83 results
| CVE | Severity | Description | EPSS |
| --- | --- | --- | --- |
| CVE-2021-32028 | | A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database | 1.4% |
| CVE-2021-32029 | | A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read | 1.4% |
| CVE-2021-3677 | | A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authent | 1.4% |
| CVE-2023-2454 | HIGH | schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacke | 1.2% |
| CVE-2020-1720 | LOW | A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated | 1.2% |
| CVE-2021-3393 | | An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but | 1.2% |
| CVE-2019-10130 | LOW | A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x | 1.1% |
| CVE-2019-10209 | LOW | Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan. | 1.1% |
| CVE-2024-10976 | MEDIUM | PostgreSQL row security below e.g. subqueries disregards user ID changes | 0.8% |
| CVE-2024-4317 | LOW | PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks | 0.7% |
| CVE-2025-8714 | HIGH | PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client | 0.7% |
| CVE-2024-10978 | MEDIUM | PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID | 0.7% |
| CVE-2023-2455 | MEDIUM | Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases wh | 0.7% |
| CVE-2026-2005 | HIGH | PostgreSQL pgcrypto heap buffer overflow executes arbitrary code | 0.7% |
| CVE-2026-2006 | HIGH | PostgreSQL missing validation of multibyte character length executes arbitrary code | 0.7% |
| CVE-2022-41862 | LOW | In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. | 0.6% |
| CVE-2025-4207 | MEDIUM | PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation | 0.6% |
| CVE-2017-12172 | | PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs | 0.6% |
| CVE-2020-14350 | | It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privil | 0.5% |
| CVE-2020-10733 | | The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the | 0.5% |
