CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS
Percentile
90.5%
Software: postgresql 9.2.24
OS: Cobalt 7.9
CVE-ID: CVE-2016-7048
CVE-Crit: HIGH
CVE-DESC: The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 may allow remote attackers to execute arbitrary code using HTTP to download software.
CVE-STATUS: Default
CVE-REV: Default
CVE-ID: CVE-2018-10936
CVE-Crit: HIGH
CVE-DESC: A vulnerability was discovered in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL factory and not verify the hostname if a hostname verifier was not provided for the driver. This could cause an attacker to masquerade as a trusted server by providing a certificate for the wrong host if it was signed by a trusted certificate authority.
CVE-STATUS: Default
CVE-REV: Default
CVE-ID: CVE-2018-1115
CVE-Crit: CRITICAL
CVE-DESC: postgresql before versions 10.4, 9.6.9 is vulnerable in adminpack extension, pg_catalog.pg_logfile_rotate () function does not follow the same ACL as pg_rorate_logfile. If adminpack is added to the database, an attacker who can connect to it can use it to force log rotation.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2019-3466
CVE-Crit: HIGH
CVE-DESC: The pg_ctlcluster script in postgresql-common in versions before 210 did not reset privileges when creating temporary socket / statistics directories, which could lead to local privilege escalation.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2020-13692
CVE-Crit: HIGH
CVE-DESC: PostgreSQL JDBC driver (also known as PgJDBC) before 42.2.13 allows XXE.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2020-25694
CVE-Crit: HIGH
CVE-DESC: The bug was discovered in PostgreSQL versions prior to 13.1, prior to 12.5, prior to 11.10, prior to 10.15, prior to 9.6.20, and prior to 9.5.24. If a client application that creates additional database connections reuses only the basic connection parameters, discarding security-related parameters, the possibility of a man-in-the-middle attack or the ability to observe the transmission of plaintext may exist. The greatest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2020-25695
CVE-Crit: HIGH
CVE-DESC: The bug was discovered in PostgreSQL versions prior to 13.1, prior to 12.5, prior to 11.10, prior to 10.15, prior to 9.6.20, and prior to 9.5.24. An attacker with permission to create non-temporal objects in at least one schema could execute arbitrary SQL functions as a superuser. The greatest threat from this vulnerability is related to data confidentiality and integrity, as well as system availability.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2021-3393
CVE-Crit: MEDIUM
CVE-DESC: The information leak was discovered in postgresql in versions prior to 13.2, prior to 12.6, and prior to 11.11. A user with UPDATE permission but no SELECT permission for a particular column can create queries that, under some circumstances, can expose values from that column in error messages. An attacker could exploit this vulnerability to retrieve information stored in a column that they are authorized to write but not read.
CVE-STATUS: default
CVE-REV: Default
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Cobalt | any | noarch | postgresql | < 9.2.24 | UNKNOWN |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS
Percentile
90.5%