| CVE-2018-1058 |
AVG-643 |
High |
Yes |
Privilege escalation |
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw... |
| CVE-2017-15099 |
AVG-485 |
Medium |
Yes |
Access restriction bypass |
An access restriction bypass vulnerability has been discovered in PostgreSQL, the "INSERT ... ON CONFLICT DO UPDATE" would not check to see if the executing... |
| CVE-2017-15098 |
AVG-485 |
Medium |
Yes |
Information disclosure |
A denial of service and potential memory disclosure vulnerability has been discovered in PostgreSQL in the json_populate_recordset() and... |
| CVE-2017-12172 |
AVG-487 |
High |
No |
Privilege escalation |
A vulnerability has been discovered in PostgreSQL when the startup log file for the postmaster (in newer releases, "postgres") process was opened while the... |
| CVE-2017-7548 |
AVG-381 |
Medium |
Yes |
Access restriction bypass |
An authorization flaw was found in the way PostgreSQL handled large objects. A remote authenticated attacker with no privileges on a large object could... |
| CVE-2017-7547 |
AVG-381 |
High |
Yes |
Information disclosure |
An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could... |
| CVE-2017-7546 |
AVG-381 |
Medium |
Yes |
Authentication bypass |
It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A... |
| CVE-2017-7486 |
AVG-272 |
Medium |
Yes |
Information disclosure |
A security issue has been found in PostgreSQL < 9.6.3, where the pg_user_mappings view disclosed user mapping options to any user having USAGE privilege on... |
| CVE-2017-7484 |
AVG-272 |
Medium |
Yes |
Information disclosure |
A security issue has been found in PostgreSQL < 9.6.3, where some selectivity estimation functions did not check user privileges before providing... |