CVE search results

41 – 50 of 69 results

Detailed view

Sort by:

CVE-2020-1720

Medium priority

Fixed

A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as...

6 affected packages

postgresql-12, postgresql-10, postgresql-11, postgresql-9.5, postgresql-9.1, postgresql-9.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
postgresql-12	—	—	—	Not in release
postgresql-10	—	—	—	Fixed
postgresql-11	—	—	—	Not in release
postgresql-9.5	—	—	—	Not in release
postgresql-9.1	—	—	—	Not in release
postgresql-9.3	—	—	—	Not in release

CVE-2019-10209

Low priority

Fixed

Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.

5 affected packages

postgresql-10, postgresql-11, postgresql-9.1, postgresql-9.3, postgresql-9.5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
postgresql-10	—	—	—	Not affected
postgresql-11	—	—	—	Not in release
postgresql-9.1	—	—	—	Not in release
postgresql-9.3	—	—	—	Not in release
postgresql-9.5	—	—	—	Not in release

CVE-2019-10208

Medium priority

Some fixes available 4 of 5

A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER...

5 affected packages

postgresql-10, postgresql-11, postgresql-9.1, postgresql-9.3, postgresql-9.5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
postgresql-10	—	—	—	Fixed
postgresql-11	—	—	—	Not in release
postgresql-9.1	—	—	—	Not in release
postgresql-9.3	—	—	—	Not in release
postgresql-9.5	—	—	—	Not in release

CVE-2019-10164

Medium priority

Fixed

PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted...

5 affected packages

postgresql-10, postgresql-11, postgresql-9.1, postgresql-9.3, postgresql-9.5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
postgresql-10	—	—	—	Fixed
postgresql-11	—	—	—	Not in release
postgresql-9.1	—	—	—	Not in release
postgresql-9.3	—	—	—	Not in release
postgresql-9.5	—	—	—	Not in release

CVE-2019-10130

Medium priority

Fixed

A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain...

5 affected packages

postgresql-10, postgresql-11, postgresql-9.1, postgresql-9.3, postgresql-9.5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
postgresql-10	—	—	—	Fixed
postgresql-11	—	—	—	Not in release
postgresql-9.1	—	—	—	Not in release
postgresql-9.3	—	—	—	Not in release
postgresql-9.5	—	—	—	Not in release

CVE-2019-10129

Medium priority

Fixed

A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a...

5 affected packages

postgresql-10, postgresql-11, postgresql-9.1, postgresql-9.3, postgresql-9.5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
postgresql-10	—	—	—	Not affected
postgresql-11	—	—	—	Not in release
postgresql-9.1	—	—	—	Not in release
postgresql-9.3	—	—	—	Not in release
postgresql-9.5	—	—	—	Not in release

CVE-2019-9193

Medium priority

Not affected

In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user....

5 affected packages

postgresql-10, postgresql-11, postgresql-9.1, postgresql-9.3, postgresql-9.5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
postgresql-10	—	—	—	Not affected
postgresql-11	—	—	—	Not in release
postgresql-9.1	—	—	—	Not in release
postgresql-9.3	—	—	—	Not in release
postgresql-9.5	—	—	—	Not in release

CVE-2018-16850

Medium priority

Fixed

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to...

4 affected packages

postgresql-10, postgresql-9.1, postgresql-9.3, postgresql-9.5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
postgresql-10	—	—	—	Fixed
postgresql-9.1	—	—	—	Not in release
postgresql-9.3	—	—	—	Not in release
postgresql-9.5	—	—	—	Not in release

CVE-2018-10925

Medium priority

Fixed

It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE...

4 affected packages

postgresql-9.1, postgresql-10, postgresql-9.3, postgresql-9.5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
postgresql-9.1	—	—	—	Not in release
postgresql-10	—	—	—	Fixed
postgresql-9.3	—	—	—	Not in release
postgresql-9.5	—	—	—	Not in release

CVE-2018-10915

Medium priority

Fixed

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection...

4 affected packages

postgresql-9.1, postgresql-9.3, postgresql-10, postgresql-9.5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
postgresql-9.1	—	—	—	Not in release
postgresql-9.3	—	—	—	Not in release
postgresql-10	—	—	—	Fixed
postgresql-9.5	—	—	—	Not in release

Export to JSON

Results by page:

Search CVE reports