Postgresql: >> Postgresql >> 9.1.23 Security Vulnerabilities
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.
CVSS Score
7.3
EPSS Score
0.004
Published
2018-03-01
It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.
CVSS Score
7.5
EPSS Score
0.011
Published
2017-05-12
PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.
CVSS Score
7.5
EPSS Score
0.046
Published
2017-05-12
The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, a related issue to CVE-2010-3433.
CVSS Score
6.0
EPSS Score
0.011
Published
2010-10-06
The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.
CVSS Score
7.5
EPSS Score
0.004
Published
2009-10-22
Page 2