Search CVE reports
31 – 40 of 44 results
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via...
2 affected packages
postgresql-8.1, postgresql-8.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-8.1 | — | — | — | — |
| postgresql-8.2 | — | — | — | — |
Some fixes available 6 of 7
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER...
2 affected packages
postgresql-8.1, postgresql-8.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-8.1 | — | — | — | — |
| postgresql-8.2 | — | — | — | — |
The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of...
2 affected packages
postgresql-8.1, postgresql-8.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-8.1 | — | — | — | — |
| postgresql-8.2 | — | — | — | — |
PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated...
2 affected packages
postgresql-8.1, postgresql-8.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-8.1 | — | — | — | — |
| postgresql-8.2 | — | — | — | — |
Some fixes available 21 of 24
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte...
14 affected packages
amarok, dovecot, exim4, libapache2-mod-auth-pgsql, php5...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| amarok | — | — | — | — |
| dovecot | — | — | — | — |
| exim4 | — | — | — | — |
| libapache2-mod-auth-pgsql | — | — | — | — |
| php5 | — | — | — | — |
| postfix | — | — | — | — |
| postgresql | — | — | — | — |
| postgresql-7.4 | — | — | — | — |
| postgresql-8.1 | — | — | — | — |
| postgresql-8.2 | — | — | — | — |
| psycopg | — | — | — | — |
| psycopg2 | — | — | — | — |
| pygresql | — | — | — | — |
| python-pgsql | — | — | — | — |
Some fixes available 5 of 6
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings...
4 affected packages
postgresql, postgresql-7.4, postgresql-8.1, postgresql-8.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql | — | — | — | — |
| postgresql-7.4 | — | — | — | — |
| postgresql-8.1 | — | — | — | — |
| postgresql-8.2 | — | — | — | — |
PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to gain additional privileges via "knowledge of the backend protocol" using a crafted SET ROLE to other database users, a different vulnerability than CVE-2006-0678.
3 affected packages
postgresql, postgresql-8.1, postgresql-8.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql | — | — | — | — |
| postgresql-8.1 | — | — | — | — |
| postgresql-8.2 | — | — | — | — |
The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which...
5 affected packages
postgresql, postgresql-7.4, postgresql-8.0, postgresql-8.1, postgresql-8.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql | — | — | — | — |
| postgresql-7.4 | — | — | — | — |
| postgresql-8.0 | — | — | — | — |
| postgresql-8.1 | — | — | — | — |
| postgresql-8.2 | — | — | — | — |
PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character...
6 affected packages
postgresql-8.1, postgresql, postgresql-7.4, postgresql-8.0, postgresql-8.2, postgresql-common
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-8.1 | — | — | — | — |
| postgresql | — | — | — | — |
| postgresql-7.4 | — | — | — | — |
| postgresql-8.0 | — | — | — | — |
| postgresql-8.2 | — | — | — | — |
| postgresql-common | — | — | — | — |
Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a...
5 affected packages
postgresql, postgresql-7.4, postgresql-8.0, postgresql-8.1, postgresql-8.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql | — | — | — | — |
| postgresql-7.4 | — | — | — | — |
| postgresql-8.0 | — | — | — | — |
| postgresql-8.1 | — | — | — | — |
| postgresql-8.2 | — | — | — | — |