| CVE | Abstract | CVSS Score | Release Date |
| --- | --- | --- | --- |
| CVE-2022-1552 | Autovacuum, REINDEX, etc. omit the "Security Restricted Operations" sandbox. | 8.8 | 2022-08-31 |
| CVE-2021-3677 | Specialized queries can read any byte of server memory. In the default configuration, any authenticated database user can accomplish this attack at will. | 6.5 | 2022-03-02 |
| CVE-2021-23222 | Despite the use of SSL certificate validation and encryption, a man-in-the-middle attacker can still inject incorrect responses to the first few queries from the client. | 5.9 | 2022-03-02 |
| CVE-2021-23214 | When the server is configured to use trusted authentication with clientcert requirements or to use certificate authentication, a man-in-the-middle attacker can inject arbitrary SQL queries the first time a connection is established, despite the use of SSL certificate authentication and encryption. | 8.1 | 2022-03-04 |