Software Detail

Software Informaton Top

Database

Software Detail

PostgreSQL

Number Of NVD

154

CRITICAL

HIGH

MEDIUM

LOW

URL	https://www.postgresql.org/
Explanation	PostgreSQL is an object-relational database management system (ORDBMS) based on POSTGRES, Version 4.2, developed by the Department of Computer Science at the University of California, Berkeley. Extracted from [https://www.postgresql.jp/document/11/html/intro-whatis.html] From version 10 onwards, the integer part represents major versions and the decimal part represents minor updates. Every year, a major version including new features is released. Minor releases with bugs and security fixes will be released at least once every three months, if necessary. Unscheduled releases will be made for urgent security issues. Support is provided for five years after the major version is released.
Tag	オープンソース PostgreSQL Licence 商用ライセンス有り

Add Information URL

No	Type	Name	URL
1			https://www.postgresql.org/support/versioning/
2			https://wiki.postgresql.org/wiki/Main_Page
3			https://www.postgresql.jp/
4			https://www.postgresql.org/download/

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Critical	High	Medium	Low
91	PostgreSQL 16	16.11	Nov. 13, 2025	Sept. 14, 2023	Sept. 9, 2028	0	2	2	0
92	PostgreSQL 15	15.15	Nov. 13, 2025	Jan. 13, 2022	Nov. 11, 2027	0	6	4	1
93	PostgreSQL 14	14.20	Nov. 13, 2025	May 15, 2021	Nov. 12, 2026	0	8	5	1
94	PostgreSQL 13	13.23	Nov. 13, 2025	Sept. 24, 2020	Nov. 23, 2025	0	12	10	1
95	PostgreSQL 12	12.22	Nov. 21, 2024	Oct. 3, 2019	Nov. 14, 2024	0	15	11	1
96	PostgreSQL 11	11.22	Nov. 9, 2023	Oct. 18, 2018	Nov. 9, 2023	2	19	12	1
97	PostgreSQL 10	10.23	Nov. 10, 2022	Oct. 5, 2017	Nov. 10, 2022	3	21	9	0
98	PostgreSQL 9	9.6.24		Sept. 20, 2010	Oct. 8, 2015	6	39	37	0
99	PostgreSQL 8	8.0.9		Jan. 19, 2005	July 24, 2014	4	31	48	3
100	PostgreSQL 7	7.0.3		May 8, 2000	May 8, 2005	4	31	38	4
101	PostgreSQL 6	6.5.3	Jan. 29, 1997		June 9, 2004	4	21	20	2
102	PostgreSQL 1	1.09	Nov. 4, 1996		Jan. 1, 2000	4	21	22	1
103	PostgreSQL -	-				4	17	14	1

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	less than	Update date Published date	Show Affected	Exploit PoC Search
91	- 7.5	HIGH	Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9…	NVD-CWE-Other	CVE-2012-1618	cpe:2.3:a:postgresql:postgresql:9.1:*			2024-11-21 10:37 2012-10-7	Show	GitHub Exploit DB Packet Storm

92	6.5 4.0	MEDIUM Network	The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users…	CWE-611 XXE	CVE-2012-3489	cpe:2.3:a:postgresql:postgresql::	8.3.0 8.4.0 9.1.0 9.0.0	8.3.20 8.4.13 9.1.5 9.0.9	2024-11-21 10:40 2012-10-4	Show	GitHub Exploit DB Packet Storm

93	- 4.9	MEDIUM	The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2012-3488	cpe:2.3:a:postgresql:postgresql:9.1:* cpe:2.3:a:postgresql:postgresql:9.1.4:* cpe:2.3:a:postgresql:postgresql:9.1…			2024-11-21 10:40 2012-10-4	Show	GitHub Exploit DB Packet Storm

94	- 4.0	MEDIUM	PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURIT…	CWE-399 Resource Management Errors	CVE-2012-2655	cpe:2.3:a:postgresql:postgresql:9.1:* cpe:2.3:a:postgresql:postgresql:9.1.3:* cpe:2.3:a:postgresql:postgresql:9.1…			2024-11-21 10:39 2012-07-19	Show	GitHub Exploit DB Packet Storm

95	- 6.8	MEDIUM	CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary S…	CWE-89 SQL Injection	CVE-2012-0868	cpe:2.3:a:postgresql:postgresql:9.1:* cpe:2.3:a:postgresql:postgresql:9.1.2:* cpe:2.3:a:postgresql:postgresql:9.1…			2024-11-21 10:35 2012-07-19	Show	GitHub Exploit DB Packet Storm

96	- 4.3	MEDIUM	PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof conn…	CWE-20 CWE-295 Improper Input Validation Improper Certificate Validation	CVE-2012-0867	cpe:2.3:a:postgresql:postgresql:9.1:* cpe:2.3:a:postgresql:postgresql:9.1.2:* cpe:2.3:a:postgresql:postgresql:9.1…			2024-11-21 10:35 2012-07-19	Show	GitHub Exploit DB Packet Storm

97	- 6.5	MEDIUM	CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY …	CWE-264 Permissions, Privileges, and Access Controls	CVE-2012-0866	cpe:2.3:a:postgresql:postgresql:9.1:* cpe:2.3:a:postgresql:postgresql:9.1.2:* cpe:2.3:a:postgresql:postgresql:9.1…			2024-11-21 10:35 2012-07-19	Show	GitHub Exploit DB Packet Storm

98	- 4.3	MEDIUM	The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contai…	CWE-310 Cryptographic Issues	CVE-2012-2143	cpe:2.3:a:postgresql:postgresql::	8.3 8.4 9.0 9.1	8.3.19 8.4.12 9.0.8 9.1.4	2024-11-21 10:38 2012-07-5	Show	GitHub Exploit DB Packet Storm

99	- 5.0	MEDIUM	crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-…	CWE-310 Cryptographic Issues	CVE-2011-2483	cpe:2.3:a:postgresql:postgresql::	8.2.0 8.3.0 8.4.0 9.0.0	8.2.22 8.3.16 8.4.9 9.0.5	2024-11-21 10:28 2011-08-25	Show	GitHub Exploit DB Packet Storm

100	- 6.5	MEDIUM	Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.2…	CWE-189 Numeric Errors	CVE-2010-4015	cpe:2.3:a:postgresql:postgresql:9.0:* cpe:2.3:a:postgresql:postgresql:9.0.2:* cpe:2.3:a:postgresql:postgresql:9.0…			2024-11-21 10:20 2011-02-2	Show	GitHub Exploit DB Packet Storm