Search CVE reports
1 – 10 of 67 results
Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql...
7 affected packages
postgresql-17, postgresql-16, postgresql-14, postgresql-12, postgresql-10...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-17 | Not in release | Not in release | — | — |
| postgresql-16 | Needs evaluation | Not in release | — | — |
| postgresql-14 | Not in release | Needs evaluation | — | — |
| postgresql-12 | Not in release | Not in release | Needs evaluation | — |
| postgresql-10 | Not in release | Not in release | — | Needs evaluation |
| postgresql-9.5 | Not in release | Not in release | — | — |
| postgresql-9.3 | Not in release | Not in release | — | — |
Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via...
7 affected packages
postgresql-17, postgresql-16, postgresql-14, postgresql-12, postgresql-10...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-17 | Not in release | Not in release | — | — |
| postgresql-16 | Needs evaluation | Not in release | — | — |
| postgresql-14 | Not in release | Needs evaluation | — | — |
| postgresql-12 | Not in release | Not in release | Needs evaluation | — |
| postgresql-10 | Not in release | Not in release | — | Needs evaluation |
| postgresql-9.5 | Not in release | Not in release | — | — |
| postgresql-9.3 | Not in release | Not in release | — | — |
PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. ...
7 affected packages
postgresql-17, postgresql-16, postgresql-14, postgresql-12, postgresql-10...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-17 | Not in release | Not in release | — | — |
| postgresql-16 | Needs evaluation | Not in release | — | — |
| postgresql-14 | Not in release | Needs evaluation | — | — |
| postgresql-12 | Not in release | Not in release | Needs evaluation | — |
| postgresql-10 | Not in release | Not in release | — | Needs evaluation |
| postgresql-9.5 | Not in release | Not in release | — | — |
| postgresql-9.3 | Not in release | Not in release | — | — |
Some fixes available 5 of 8
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database...
7 affected packages
postgresql-17, postgresql-16, postgresql-14, postgresql-12, postgresql-10...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-17 | Not in release | Not in release | Not in release | — |
| postgresql-16 | Fixed | Not in release | Not in release | — |
| postgresql-14 | Not in release | Fixed | Not in release | — |
| postgresql-12 | Not in release | Not in release | Fixed | — |
| postgresql-10 | Not in release | Not in release | Not in release | Needs evaluation |
| postgresql-9.5 | Not in release | Not in release | Not in release | — |
| postgresql-9.3 | Not in release | Not in release | Not in release | — |
Some fixes available 5 of 7
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage...
7 affected packages
postgresql-17, postgresql-16, postgresql-14, postgresql-12, postgresql-10...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-17 | Not in release | Not in release | Not in release | — |
| postgresql-16 | Fixed | Not in release | Not in release | — |
| postgresql-14 | Not in release | Fixed | Not in release | — |
| postgresql-12 | Not in release | Not in release | Fixed | — |
| postgresql-10 | Not in release | Not in release | Not in release | Fixed |
| postgresql-9.5 | Not in release | Not in release | Not in release | — |
| postgresql-9.3 | Not in release | Not in release | Not in release | — |
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another...
7 affected packages
postgresql-16, postgresql-14, postgresql-12, postgresql-10, postgresql-9.5...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-16 | Fixed | Not in release | Not in release | — |
| postgresql-14 | Not in release | Fixed | Not in release | — |
| postgresql-12 | Not in release | Not in release | Fixed | — |
| postgresql-10 | Not in release | Not in release | Not in release | Fixed |
| postgresql-9.5 | Not in release | Not in release | Not in release | — |
| postgresql-9.3 | Not in release | Not in release | Not in release | — |
| postgresql-9.1 | Not in release | Not in release | Not in release | — |
Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most...
8 affected packages
postgresql-16, postgresql-15, postgresql-14, postgresql-12, postgresql-10...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-16 | Fixed | Not in release | Not in release | — |
| postgresql-15 | Not in release | Not in release | Not in release | — |
| postgresql-14 | Not in release | Fixed | Not in release | — |
| postgresql-12 | Not in release | Not in release | Not affected | — |
| postgresql-10 | Not in release | Not in release | Not in release | Not affected |
| postgresql-9.5 | Not in release | Not in release | Not in release | — |
| postgresql-9.3 | Not in release | Not in release | Not in release | — |
| postgresql-9.1 | Not in release | Not in release | Not in release | — |
Some fixes available 5 of 7
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if...
8 affected packages
postgresql-16, postgresql-14, postgresql-12, postgresql-10, postgresql-9.5...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-16 | Fixed | Not in release | Not in release | — |
| postgresql-14 | Not in release | Fixed | Not in release | — |
| postgresql-12 | Not in release | Not in release | Fixed | — |
| postgresql-10 | Not in release | Not in release | Not in release | Needs evaluation |
| postgresql-9.5 | Not in release | Not in release | Not in release | — |
| postgresql-9.3 | Not in release | Not in release | Not in release | — |
| postgresql-9.1 | Not in release | Not in release | Not in release | — |
| postgresql-17 | Not in release | Not in release | Not in release | — |
Some fixes available 5 of 7
Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an...
8 affected packages
postgresql-16, postgresql-14, postgresql-12, postgresql-10, postgresql-9.5...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-16 | Fixed | Not in release | Not in release | — |
| postgresql-14 | Not in release | Fixed | Not in release | — |
| postgresql-12 | Not in release | Not in release | Fixed | — |
| postgresql-10 | Not in release | Not in release | Not in release | Needs evaluation |
| postgresql-9.5 | Not in release | Not in release | Not in release | — |
| postgresql-9.3 | Not in release | Not in release | Not in release | — |
| postgresql-9.1 | Not in release | Not in release | Not in release | — |
| postgresql-17 | Not in release | Not in release | Not in release | — |
Some fixes available 5 of 7
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a...
8 affected packages
postgresql-16, postgresql-14, postgresql-12, postgresql-10, postgresql-9.5...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-16 | Fixed | Not in release | Not in release | — |
| postgresql-14 | Not in release | Fixed | Not in release | — |
| postgresql-12 | Not in release | Not in release | Fixed | — |
| postgresql-10 | Not in release | Not in release | Not in release | Needs evaluation |
| postgresql-9.5 | Not in release | Not in release | Not in release | — |
| postgresql-9.3 | Not in release | Not in release | Not in release | — |
| postgresql-9.1 | Not in release | Not in release | Not in release | — |
| postgresql-17 | Not in release | Not in release | Not in release | — |