| PostgreSQL | |
|---|---|
| Number Of NVD | 154 |
| CRITICAL | 7 |
| HIGH | 63 |
| MEDIUM | 77 |
| LOW | 7 |
| URL | https://www.postgresql.org/ |
| Explanation | PostgreSQL is an object-relational database management system (ORDBMS) based on POSTGRES, Version 4.2, developed by the Department of Computer Science at the University of California, Berkeley. (Extracted from https://www.postgresql.jp/document/11/html/intro-whatis.html) From version 10 onwards, the integer part represents the major version and the decimal part represents minor updates. A major version including new features is released every year. Minor releases with bug and security fixes are released at least once every three months, if necessary. Unscheduled releases are made for urgent security issues. Support is provided for five years after the major version is released. |
| Tag | |

| No | Type | Name | URL |
|---|---|---|---|
| 1 | | | https://www.postgresql.org/support/versioning/ |
| 2 | | | https://wiki.postgresql.org/wiki/Main_Page |
| 3 | | | https://www.postgresql.jp/ |
| 4 | | | https://www.postgresql.org/download/ |

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support / Service Pack Support | Extended for a fee | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 61 | PostgreSQL 16 | 16.11 | Nov. 13, 2025 | Sept. 14, 2023 | Sept. 9, 2028 | | | 0 | 2 | 2 | 0 |
| 62 | PostgreSQL 15 | 15.15 | Nov. 13, 2025 | Jan. 13, 2022 | Nov. 11, 2027 | | | 0 | 6 | 4 | 1 |
| 63 | PostgreSQL 14 | 14.20 | Nov. 13, 2025 | May 15, 2021 | Nov. 12, 2026 | | | 0 | 8 | 5 | 1 |
| 64 | PostgreSQL 13 | 13.23 | Nov. 13, 2025 | Sept. 24, 2020 | Nov. 23, 2025 | | | 0 | 12 | 10 | 1 |
| 65 | PostgreSQL 12 | 12.22 | Nov. 21, 2024 | Oct. 3, 2019 | Nov. 14, 2024 | | | 0 | 15 | 11 | 1 |
| 66 | PostgreSQL 11 | 11.22 | Nov. 9, 2023 | Oct. 18, 2018 | Nov. 9, 2023 | | | 2 | 19 | 12 | 1 |
| 67 | PostgreSQL 10 | 10.23 | Nov. 10, 2022 | Oct. 5, 2017 | Nov. 10, 2022 | | | 3 | 21 | 9 | 0 |
| 68 | PostgreSQL 9 | 9.6.24 | | Sept. 20, 2010 | Oct. 8, 2015 | | | 6 | 39 | 37 | 0 |
| 69 | PostgreSQL 8 | 8.0.9 | | Jan. 19, 2005 | July 24, 2014 | | | 4 | 31 | 48 | 3 |
| 70 | PostgreSQL 7 | 7.0.3 | | May 8, 2000 | May 8, 2005 | | | 4 | 31 | 38 | 4 |
| 71 | PostgreSQL 6 | 6.5.3 | | Jan. 29, 1997 | June 9, 2004 | | | 4 | 21 | 20 | 2 |
| 72 | PostgreSQL 1 | 1.09 | | Nov. 4, 1996 | Jan. 1, 2000 | | | 4 | 21 | 22 | 1 |
| 73 | PostgreSQL - | - | | | | | | 4 | 17 | 14 | 1 |

| No | CVSS3 / CVSS2 | Level / Attack Vector | Title | CWE | CVE | cpe23Uri | or higher / or less / more than / less than | Update date / Published date |
|---|---|---|---|---|---|---|---|---|
| 61 | 8.8 / 4.0 | HIGH / Network | PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by… | NVD-CWE-noinfo | CVE-2017-7547 | `cpe:2.3:a:postgresql:postgresql:9.6:*` `cpe:2.3:a:postgresql:postgresql:9.6.3:*` `cpe:2.3:a:postgresql:postgresql:9.6…` | | 2024-11-21 12:32 / 2017-08-17 |
| 62 | 9.8 / 7.5 | CRITICAL / Network | PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password. | CWE-287 Improper Authentication | CVE-2017-7546 | `cpe:2.3:a:postgresql:postgresql:9.6:*` `cpe:2.3:a:postgresql:postgresql:9.6.3:*` `cpe:2.3:a:postgresql:postgresql:9.6…` | | 2024-11-21 12:32 / 2017-08-17 |
| 63 | 7.5 / 5.0 | HIGH / Network | PostgreSQL PL/Java after 9.0 does not honor access controls on large objects. | CWE-284 Improper Access Control | CVE-2016-0768 | `cpe:2.3:a:postgresql:postgresql:*:*` | 9.0 | 2024-11-21 11:42 / 2017-06-7 |
| 64 | 7.5 / 5.0 | HIGH / Network | PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server. | CWE-200 Information Exposure | CVE-2017-7486 | `cpe:2.3:a:postgresql:postgresql:9.6:*` `cpe:2.3:a:postgresql:postgresql:9.5:*` `cpe:2.3:a:postgresql:postgresql:9.5.7…` | | 2024-11-21 12:31 / 2017-05-13 |
| 65 | 5.9 / 4.3 | MEDIUM / Network | In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connectio… | CWE-311 Missing Encryption of Sensitive Data | CVE-2017-7485 | `cpe:2.3:a:postgresql:postgresql:9.6:*` `cpe:2.3:a:postgresql:postgresql:9.6.2:*` `cpe:2.3:a:postgresql:postgresql:9.6…` | | 2024-11-21 12:31 / 2017-05-13 |
| 66 | 7.5 / 5.0 | HIGH / Network | It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges… | CWE-200 Information Exposure | CVE-2017-7484 | `cpe:2.3:a:postgresql:postgresql:9.6:*` `cpe:2.3:a:postgresql:postgresql:9.6.2:*` `cpe:2.3:a:postgresql:postgresql:9.6…` | 9.2.20 | 2024-11-21 12:31 / 2017-05-13 |
| 67 | 7.1 / 4.6 | HIGH / Network | PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain supe… | CWE-94 Code Injection | CVE-2016-5424 | `cpe:2.3:a:postgresql:postgresql:9.5:*` `cpe:2.3:a:postgresql:postgresql:9.5.3:*` `cpe:2.3:a:postgresql:postgresql:9.5…` | 9.1.22 | 2024-11-21 11:54 / 2016-12-10 |
| 68 | 8.3 / 6.5 | HIGH / Network | PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference … | CWE-476 NULL Pointer Dereference | CVE-2016-5423 | `cpe:2.3:a:postgresql:postgresql:9.5:*` `cpe:2.3:a:postgresql:postgresql:9.5.3:*` `cpe:2.3:a:postgresql:postgresql:9.5…` | 9.1.22 | 2024-11-21 11:54 / 2016-12-10 |
| 69 | 9.1 / 8.5 | CRITICAL / Network | The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequent… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2016-3065 | `cpe:2.3:a:postgresql:postgresql:9.5:*` `cpe:2.3:a:postgresql:postgresql:9.5.1:*` | | 2024-11-21 11:49 / 2016-04-12 |
| 70 | 7.5 / 5.0 | HIGH / Network | PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that pe… | CWE-254 7PK - Security Features | CVE-2016-2193 | `cpe:2.3:a:postgresql:postgresql:9.5:*` `cpe:2.3:a:postgresql:postgresql:9.5.1:*` | | 2024-11-21 11:48 / 2016-04-12 |