postgresql12 (SUSE:Linux Enterprise Server 12 SP5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP5 package postgresql12, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (23)
CVE-2022-1552 — CVSS 8.8 (high): A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another…
CVE-2020-25695 — CVSS 8.8 (high): A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker…
CVE-2024-7348 — CVSS 8.8 (high): Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as…
CVE-2021-32027 — CVSS 8.8 (high): A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain…
CVE-2023-5869 — CVSS 8.8 (high): A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during…
CVE-2020-25694 — CVSS 8.1 (high): A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client…
CVE-2021-23214 — CVSS 8.1 (high): When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle…
CVE-2022-2625 — CVSS 8.0 (high): A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the…
CVE-2024-0985 — CVSS 8.0 (high): Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as…
CVE-2020-25696 — CVSS 7.5 (high): A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before…
CVE-2023-39417 — CVSS 7.5 (high): IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@…
CVE-2020-14350 — CVSS 7.3 (high): It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient…
CVE-2023-2454 — CVSS 7.2 (high): schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed…
CVE-2020-14349 — CVSS 7.1 (high): It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical…
CVE-2021-32029 — CVSS 6.5 (medium): A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read…
CVE-2021-32028 — CVSS 6.5 (medium): A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database…
CVE-2021-3677 — CVSS 6.5 (medium): A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any…
CVE-2021-23222 — CVSS 5.9 (medium): A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification…
CVE-2023-2455 — CVSS 5.4 (medium): Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases…
CVE-2023-5868 — CVSS 4.3 (medium): A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain…
CVE-2021-3393 — CVSS 4.3 (medium): An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but…
CVE-2022-41862 — CVSS 3.7 (low): In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport…
CVE-2023-5870 — CVSS 2.2 (low): A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication…