| PostgreSQL | Number Of NVD | 154 | CRITICAL | 7 | HIGH | 63 | MEDIUM | 77 | LOW | 7 |
| URL | https://www.postgresql.org/ | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Explanation | PostgreSQL is an object-relational database management system (ORDBMS) based on POSTGRES, Version 4.2, developed by the Department of Computer Science at the University of California, Berkeley. Extracted from [https://www.postgresql.jp/document/11/html/intro-whatis.html] From version 10 onwards, the integer part represents major versions and the decimal part represents minor updates. Every year, a major version including new features is released. Minor releases with bugs and security fixes will be released at least once every three months, if necessary. Unscheduled releases will be made for urgent security issues. Support is provided for five years after the major version is released. |
||||||||
| Tag | |||||||||
| No | Type | Name | URL |
|---|---|---|---|
| 1 | https://www.postgresql.org/support/versioning/ | ||
| 2 | https://wiki.postgresql.org/wiki/Main_Page | ||
| 3 | https://www.postgresql.jp/ | ||
| 4 | https://www.postgresql.org/download/ |
| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support Service Pack Support |
Extended for a fee |
Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 71 | PostgreSQL 16 | 16.11 | Nov. 13, 2025 | Sept. 14, 2023 | Sept. 9, 2028 | 0 | 2 | 2 | 0 | ||
| 72 | PostgreSQL 15 | 15.15 | Nov. 13, 2025 | Jan. 13, 2022 | Nov. 11, 2027 | 0 | 6 | 4 | 1 | ||
| 73 | PostgreSQL 14 | 14.20 | Nov. 13, 2025 | May 15, 2021 | Nov. 12, 2026 | 0 | 8 | 5 | 1 | ||
| 74 | PostgreSQL 13 | 13.23 | Nov. 13, 2025 | Sept. 24, 2020 | Nov. 23, 2025 | 0 | 12 | 10 | 1 | ||
| 75 | PostgreSQL 12 | 12.22 | Nov. 21, 2024 | Oct. 3, 2019 | Nov. 14, 2024 | 0 | 15 | 11 | 1 | ||
| 76 | PostgreSQL 11 | 11.22 | Nov. 9, 2023 | Oct. 18, 2018 | Nov. 9, 2023 | 2 | 19 | 12 | 1 | ||
| 77 | PostgreSQL 10 | 10.23 | Nov. 10, 2022 | Oct. 5, 2017 | Nov. 10, 2022 | 3 | 21 | 9 | 0 | ||
| 78 | PostgreSQL 9 | 9.6.24 | Sept. 20, 2010 | Oct. 8, 2015 | 6 | 39 | 37 | 0 | |||
| 79 | PostgreSQL 8 | 8.0.9 | Jan. 19, 2005 | July 24, 2014 | 4 | 31 | 48 | 3 | |||
| 80 | PostgreSQL 7 | 7.0.3 | May 8, 2000 | May 8, 2005 | 4 | 31 | 38 | 4 | |||
| 81 | PostgreSQL 6 | 6.5.3 | Jan. 29, 1997 | June 9, 2004 | 4 | 21 | 20 | 2 | |||
| 82 | PostgreSQL 1 | 1.09 | Nov. 4, 1996 | Jan. 1, 2000 | 4 | 21 | 22 | 1 | |||
| 83 | PostgreSQL - | - | 4 | 17 | 14 | 1 |
| No | CVSS3 CVSS2 |
Level Attach Vector |
Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date Published date |
Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 71 |
7.5 5.0 |
HIGH
Network |
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow a… |
CWE-119
Incorrect Access of Indexable Resource ('Range Error') |
CVE-2016-0773 |
cpe:2.3:a:postgresql:postgresql:9.5:* cpe:2.3:a:postgresql:postgresql:9.4:* cpe:2.3:a:postgresql:postgresql:9.4.5… |
9.1.19 |
2024-11-21 11:42 2016-02-18 |
Show | GitHub Exploit DB Packet Storm | |||
| 72 |
8.8 9.0 |
HIGH
Network |
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) fo… |
CWE-264
Permissions, Privileges, and Access Controls |
CVE-2016-0766 |
cpe:2.3:a:postgresql:postgresql:9.5:* cpe:2.3:a:postgresql:postgresql:*:* |
9.2 9.4 9.3 9.1.0 |
|
|
9.2.15 9.4.6 9.3.11 9.1.20 |
2024-11-21 11:42 2016-02-18 |
Show | GitHub Exploit DB Packet Storm |
| 73 |
- 6.4 |
MEDIUM | Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vecto… |
CWE-119
Incorrect Access of Indexable Resource ('Range Error') |
CVE-2015-5289 | cpe:2.3:a:postgresql:postgresql:*:* |
9.4.0 9.3.0 |
|
|
9.4.5 9.3.10 |
2024-11-21 11:32 2015-10-26 |
Show | GitHub Exploit DB Packet Storm |
| 74 |
- 6.4 |
MEDIUM | The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service… |
CWE-200
Information Exposure |
CVE-2015-5288 |
cpe:2.3:a:postgresql:postgresql:9.4.4:* cpe:2.3:a:postgresql:postgresql:9.4.3:* cpe:2.3:a:postgresql:postgresql:9… |
9.0.22 |
2024-11-21 11:32 2015-10-26 |
Show | GitHub Exploit DB Packet Storm | |||
| 75 |
- 4.3 |
MEDIUM | Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash… |
NVD-CWE-Other
|
CVE-2015-3165 |
cpe:2.3:a:postgresql:postgresql:9.4.1:* cpe:2.3:a:postgresql:postgresql:9.4.0:* cpe:2.3:a:postgresql:postgresql:9… |
9.0.19 |
2024-11-21 11:28 2015-05-28 |
Show | GitHub Exploit DB Packet Storm | |||
| 76 |
- 6.5 |
MEDIUM | Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have un… |
CWE-189
Numeric Errors |
CVE-2014-2669 |
cpe:2.3:a:postgresql:postgresql:9.3:* cpe:2.3:a:postgresql:postgresql:9.3.2:* cpe:2.3:a:postgresql:postgresql:9.3… |
2024-11-21 11:06 2014-03-31 |
Show | GitHub Exploit DB Packet Storm | ||||
| 77 |
- 4.6 |
MEDIUM | The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests… |
CWE-264
Permissions, Privileges, and Access Controls |
CVE-2014-0067 |
cpe:2.3:a:postgresql:postgresql:9.3:* cpe:2.3:a:postgresql:postgresql:9.3.2:* cpe:2.3:a:postgresql:postgresql:9.3… |
8.4.19 |
2024-11-21 11:01 2014-03-31 |
Show | GitHub Exploit DB Packet Storm | |||
| 78 |
- 4.0 |
MEDIUM | The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library f… |
CWE-20
Improper Input Validation |
CVE-2014-0066 |
cpe:2.3:a:postgresql:postgresql:9.3:* cpe:2.3:a:postgresql:postgresql:9.3.2:* cpe:2.3:a:postgresql:postgresql:9.3… |
8.4.19 |
2024-11-21 11:01 2014-03-31 |
Show | GitHub Exploit DB Packet Storm | |||
| 79 |
- 6.5 |
MEDIUM | Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact… |
CWE-119
Incorrect Access of Indexable Resource ('Range Error') |
CVE-2014-0065 |
cpe:2.3:a:postgresql:postgresql:9.3:* cpe:2.3:a:postgresql:postgresql:9.3.2:* cpe:2.3:a:postgresql:postgresql:9.3… |
8.4.19 |
2024-11-21 11:01 2014-03-31 |
Show | GitHub Exploit DB Packet Storm | |||
| 80 |
- 6.5 |
MEDIUM | Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remot… |
CWE-189
Numeric Errors |
CVE-2014-0064 |
cpe:2.3:a:postgresql:postgresql:9.3:* cpe:2.3:a:postgresql:postgresql:9.3.2:* cpe:2.3:a:postgresql:postgresql:9.3… |
8.4.19 |
2024-11-21 11:01 2014-03-31 |
Show | GitHub Exploit DB Packet Storm |