cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-1720,https://securityvulnerability.io/vulnerability/CVE-2020-1720,Authorization Flaw in PostgreSQL Affecting Multiple Versions,"A flaw exists within PostgreSQL's handling of the 'ALTER ... DEPENDS ON EXTENSION' command, where sub-commands fail to conduct proper authorization checks. This oversight allows an authenticated attacker, under specific configurations, to potentially execute drop commands on critical database objects such as functions and triggers. The result could lead to significant database corruption, affecting the integrity and availability of stored data. Affected versions include PostgreSQL versions prior to 12.2, 11.7, 10.12, and 9.6.17, necessitating immediate attention to mitigate associated risks.",Red Hat,Postgresql,3.1,LOW,0.0006000000284984708,false,,false,false,false,,,false,false,,2020-03-17T15:28:24.000Z,0
CVE-2017-15097,https://securityvulnerability.io/vulnerability/CVE-2017-15097,,Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.,Red Hat,Postgresql Init Script,6.5,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2018-07-27T20:00:00.000Z,0
CVE-2017-12172,https://securityvulnerability.io/vulnerability/CVE-2017-12172,,"PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.",Red Hat,Postgresql,6.7,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2017-11-22T19:29:00.000Z,0
CVE-2017-15099,https://securityvulnerability.io/vulnerability/CVE-2017-15099,,"INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege.",Red Hat,Postgresql,6.5,MEDIUM,0.0020800000056624413,false,,false,false,false,,,false,false,,2017-11-22T18:29:00.000Z,0
CVE-2017-15098,https://securityvulnerability.io/vulnerability/CVE-2017-15098,,"Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.",Red Hat,Postgresql,8.1,HIGH,0.0025400000158697367,false,,false,false,false,,,false,false,,2017-11-22T17:29:00.000Z,0