Software Detail

Software Informaton Top

Database

Software Detail

PostgreSQL

Number Of NVD

165

CRITICAL

HIGH

MEDIUM

LOW

URL	https://www.postgresql.org/
Explanation	PostgreSQL is an object-relational database management system (ORDBMS) based on POSTGRES, Version 4.2, developed by the Department of Computer Science at the University of California, Berkeley. Extracted from [https://www.postgresql.jp/document/11/html/intro-whatis.html] From version 10 onwards, the integer part represents major versions and the decimal part represents minor updates. Every year, a major version including new features is released. Minor releases with bugs and security fixes will be released at least once every three months, if necessary. Unscheduled releases will be made for urgent security issues. Support is provided for five years after the major version is released.
Tag	商用ライセンス有りオープンソース PostgreSQL Licence

Add Information URL

No	Type	Name	URL
1			https://www.postgresql.org/support/versioning/
2			https://wiki.postgresql.org/wiki/Main_Page
3			https://www.postgresql.jp/
4			https://www.postgresql.org/download/

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Critical	High	Medium	Low
101	PostgreSQL 16	16.11	Nov. 13, 2025	Sept. 14, 2023	Sept. 9, 2028	0	8	5	0
102	PostgreSQL 15	15.15	Nov. 13, 2025	Jan. 13, 2022	Nov. 11, 2027	0	11	7	1
103	PostgreSQL 14	14.20	Nov. 13, 2025	May 15, 2021	Nov. 12, 2026	0	13	8	1
104	PostgreSQL 13	13.23	Nov. 13, 2025	Sept. 24, 2020	Nov. 23, 2025	0	17	13	1
105	PostgreSQL 12	12.22	Nov. 21, 2024	Oct. 3, 2019	Nov. 14, 2024	0	20	14	1
106	PostgreSQL 11	11.22	Nov. 9, 2023	Oct. 18, 2018	Nov. 9, 2023	2	24	15	1
107	PostgreSQL 10	10.23	Nov. 10, 2022	Oct. 5, 2017	Nov. 10, 2022	3	26	12	0
108	PostgreSQL 9	9.6.24		Sept. 20, 2010	Oct. 8, 2015	6	44	40	0
109	PostgreSQL 8	8.0.9		Jan. 19, 2005	July 24, 2014	4	36	51	3
110	PostgreSQL 7	7.0.3		May 8, 2000	May 8, 2005	4	36	41	4
111	PostgreSQL 6	6.5.3	Jan. 29, 1997		June 9, 2004	4	26	23	2
112	PostgreSQL 1	1.09	Nov. 4, 1996		Jan. 1, 2000	4	26	25	1
113	PostgreSQL -	-				4	22	17	1

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	less than	Update date Published date	Show Affected	Exploit PoC Search
101	- 6.8	MEDIUM	PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, whic…	CWE-20 Improper Input Validation	CVE-2013-0255	cpe:2.3:a:postgresql:postgresql:9.1:* cpe:2.3:a:postgresql:postgresql:9.1.7:* cpe:2.3:a:postgresql:postgresql:9.1…			2024-11-21 10:47 2013-02-13	Show	GitHub Exploit DB Packet Storm

102	- 7.5	HIGH	Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9…	NVD-CWE-Other	CVE-2012-1618	cpe:2.3:a:postgresql:postgresql:9.1:*			2024-11-21 10:37 2012-10-7	Show	GitHub Exploit DB Packet Storm

103	6.5 4.0	MEDIUM Network	The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users…	CWE-611 XXE	CVE-2012-3489	cpe:2.3:a:postgresql:postgresql::	8.3.0 8.4.0 9.1.0 9.0.0	8.3.20 8.4.13 9.1.5 9.0.9	2024-11-21 10:40 2012-10-4	Show	GitHub Exploit DB Packet Storm

104	- 4.9	MEDIUM	The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2012-3488	cpe:2.3:a:postgresql:postgresql:9.1:* cpe:2.3:a:postgresql:postgresql:9.1.4:* cpe:2.3:a:postgresql:postgresql:9.1…			2024-11-21 10:40 2012-10-4	Show	GitHub Exploit DB Packet Storm

105	- 4.0	MEDIUM	PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURIT…	CWE-399 Resource Management Errors	CVE-2012-2655	cpe:2.3:a:postgresql:postgresql:9.1:* cpe:2.3:a:postgresql:postgresql:9.1.3:* cpe:2.3:a:postgresql:postgresql:9.1…			2024-11-21 10:39 2012-07-19	Show	GitHub Exploit DB Packet Storm

106	- 6.8	MEDIUM	CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary S…	CWE-89 SQL Injection	CVE-2012-0868	cpe:2.3:a:postgresql:postgresql:9.1:* cpe:2.3:a:postgresql:postgresql:9.1.2:* cpe:2.3:a:postgresql:postgresql:9.1…			2024-11-21 10:35 2012-07-19	Show	GitHub Exploit DB Packet Storm

107	- 4.3	MEDIUM	PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof conn…	CWE-20 CWE-295 Improper Input Validation Improper Certificate Validation	CVE-2012-0867	cpe:2.3:a:postgresql:postgresql:9.1:* cpe:2.3:a:postgresql:postgresql:9.1.2:* cpe:2.3:a:postgresql:postgresql:9.1…			2024-11-21 10:35 2012-07-19	Show	GitHub Exploit DB Packet Storm

108	- 6.5	MEDIUM	CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY …	CWE-264 Permissions, Privileges, and Access Controls	CVE-2012-0866	cpe:2.3:a:postgresql:postgresql:9.1:* cpe:2.3:a:postgresql:postgresql:9.1.2:* cpe:2.3:a:postgresql:postgresql:9.1…			2024-11-21 10:35 2012-07-19	Show	GitHub Exploit DB Packet Storm

109	- 4.3	MEDIUM	The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contai…	CWE-310 Cryptographic Issues	CVE-2012-2143	cpe:2.3:a:postgresql:postgresql::	8.3 8.4 9.0 9.1	8.3.19 8.4.12 9.0.8 9.1.4	2024-11-21 10:38 2012-07-5	Show	GitHub Exploit DB Packet Storm

110	- 5.0	MEDIUM	crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-…	CWE-310 Cryptographic Issues	CVE-2011-2483	cpe:2.3:a:postgresql:postgresql::	8.2.0 8.3.0 8.4.0 9.0.0	8.2.22 8.3.16 8.4.9 9.0.5	2024-11-21 10:28 2011-08-25	Show	GitHub Exploit DB Packet Storm