Shodan
Vulnerabilities
Vulnerable Software
Postgresql:  >> Postgresql  >> 11.11  Security Vulnerabilities
CVE-2021-23222
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.
CVSS Score
5.9
EPSS Score
0.003
Published
2022-03-02
CVE-2021-3677
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-03-02
CVE-2021-32028
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.
CVSS Score
6.5
EPSS Score
0.004
Published
2021-10-11
CVE-2021-32029
A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-10-08
CVE-2021-32027
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Score
8.8
EPSS Score
0.005
Published
2021-06-01
CVE-2010-3781
The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, a related issue to CVE-2010-3433.
CVSS Score
6.0
EPSS Score
0.011
Published
2010-10-06
CVE-2009-2943
The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.
CVSS Score
7.5
EPSS Score
0.004
Published
2009-10-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved