Postgresql: >> Postgresql >> 9.3.24 Security Vulnerabilities
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.
CVSS Score
7.3
EPSS Score
0.004
Published
2018-03-01
The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, a related issue to CVE-2010-3433.
CVSS Score
6.0
EPSS Score
0.011
Published
2010-10-06
The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.
CVSS Score
7.5
EPSS Score
0.004
Published
2009-10-22
Page 2