Search CVE reports
51 – 60 of 96 results
Some fixes available 3 of 4
PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.
4 affected packages
postgresql-9.1, postgresql-9.3, postgresql-9.5, postgresql-9.6
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-9.1 | — | — | — | — |
| postgresql-9.3 | — | — | — | — |
| postgresql-9.5 | — | — | — | — |
| postgresql-9.6 | — | — | — | — |
Some fixes available 3 of 4
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An...
4 affected packages
postgresql-9.1, postgresql-9.3, postgresql-9.5, postgresql-9.6
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-9.1 | — | — | — | — |
| postgresql-9.3 | — | — | — | — |
| postgresql-9.5 | — | — | — | — |
| postgresql-9.6 | — | — | — | — |
Some fixes available 3 of 4
It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information...
5 affected packages
postgresql-9.1, postgresql-9.3, postgresql-10, postgresql-9.5, postgresql-9.6
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-9.1 | — | — | — | Not in release |
| postgresql-9.3 | — | — | — | Not in release |
| postgresql-10 | — | — | — | Not affected |
| postgresql-9.5 | — | — | — | Not in release |
| postgresql-9.6 | — | — | — | Not in release |
INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the...
5 affected packages
postgresql-9.1, postgresql-10, postgresql-9.3, postgresql-9.5, postgresql-9.6
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-9.1 | — | — | — | — |
| postgresql-10 | — | — | — | — |
| postgresql-9.3 | — | — | — | — |
| postgresql-9.5 | — | — | — | — |
| postgresql-9.6 | — | — | — | — |
Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a...
5 affected packages
postgresql-9.3, postgresql-9.5, postgresql-9.6, postgresql-10, postgresql-9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-9.3 | — | — | — | Not in release |
| postgresql-9.5 | — | — | — | Not in release |
| postgresql-9.6 | — | — | — | Not in release |
| postgresql-10 | — | — | — | Not affected |
| postgresql-9.1 | — | — | — | Not in release |
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.
5 affected packages
postgresql-9.1, postgresql-10, postgresql-9.3, postgresql-9.5, postgresql-9.6
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-9.1 | — | — | — | — |
| postgresql-10 | — | — | — | — |
| postgresql-9.3 | — | — | — | — |
| postgresql-9.5 | — | — | — | — |
| postgresql-9.6 | — | — | — | — |
PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability...
4 affected packages
postgresql-9.1, postgresql-9.3, postgresql-9.5, postgresql-9.6
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-9.1 | — | — | — | — |
| postgresql-9.3 | — | — | — | — |
| postgresql-9.5 | — | — | — | — |
| postgresql-9.6 | — | — | — | — |
Some fixes available 4 of 5
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) "...
4 affected packages
postgresql-8.4, postgresql-9.1, postgresql-9.3, postgresql-9.5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-8.4 | — | — | — | — |
| postgresql-9.1 | — | — | — | — |
| postgresql-9.3 | — | — | — | — |
| postgresql-9.5 | — | — | — | — |
Some fixes available 4 of 5
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain...
4 affected packages
postgresql-9.5, postgresql-8.4, postgresql-9.1, postgresql-9.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-9.5 | — | — | — | — |
| postgresql-8.4 | — | — | — | — |
| postgresql-9.1 | — | — | — | — |
| postgresql-9.3 | — | — | — | — |
The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server...
5 affected packages
postgresql-8.4, postgresql-9.1, postgresql-9.3, postgresql-9.4, postgresql-9.5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-8.4 | — | — | — | — |
| postgresql-9.1 | — | — | — | — |
| postgresql-9.3 | — | — | — | — |
| postgresql-9.4 | — | — | — | — |
| postgresql-9.5 | — | — | — | — |