Search CVE reports
21 – 24 of 24 results
Some fixes available 5 of 7
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if...
8 affected packages
postgresql-17, postgresql-16, postgresql-14, postgresql-12, postgresql-10...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| postgresql-17 | Not in release | Not in release | Not in release | Not in release | — |
| postgresql-16 | Not in release | Fixed | Not in release | Not in release | — |
| postgresql-14 | Not in release | Not in release | Fixed | Not in release | — |
| postgresql-12 | Not in release | Not in release | Not in release | Fixed | — |
| postgresql-10 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| postgresql-9.5 | Not in release | Not in release | Not in release | Not in release | — |
| postgresql-9.3 | Not in release | Not in release | Not in release | Not in release | — |
| postgresql-9.1 | Not in release | Not in release | Not in release | Not in release | — |
Some fixes available 5 of 7
Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an...
8 affected packages
postgresql-16, postgresql-14, postgresql-12, postgresql-10, postgresql-9.5...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| postgresql-16 | Not in release | Fixed | Not in release | Not in release | — |
| postgresql-14 | Not in release | Not in release | Fixed | Not in release | — |
| postgresql-12 | Not in release | Not in release | Not in release | Fixed | — |
| postgresql-10 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| postgresql-9.5 | Not in release | Not in release | Not in release | Not in release | — |
| postgresql-9.3 | Not in release | Not in release | Not in release | Not in release | — |
| postgresql-9.1 | Not in release | Not in release | Not in release | Not in release | — |
| postgresql-17 | Not in release | Not in release | Not in release | Not in release | — |
Some fixes available 5 of 7
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a...
8 affected packages
postgresql-16, postgresql-14, postgresql-12, postgresql-10, postgresql-9.5...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| postgresql-16 | Not in release | Fixed | Not in release | Not in release | — |
| postgresql-14 | Not in release | Not in release | Fixed | Not in release | — |
| postgresql-12 | Not in release | Not in release | Not in release | Fixed | — |
| postgresql-10 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| postgresql-9.5 | Not in release | Not in release | Not in release | Not in release | — |
| postgresql-9.3 | Not in release | Not in release | Not in release | Not in release | — |
| postgresql-9.1 | Not in release | Not in release | Not in release | Not in release | — |
| postgresql-17 | Not in release | Not in release | Not in release | Not in release | — |
Some fixes available 5 of 7
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID...
8 affected packages
postgresql-16, postgresql-14, postgresql-12, postgresql-10, postgresql-9.5...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| postgresql-16 | Not in release | Fixed | Not in release | Not in release | — |
| postgresql-14 | Not in release | Not in release | Fixed | Not in release | — |
| postgresql-12 | Not in release | Not in release | Not in release | Fixed | — |
| postgresql-10 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| postgresql-9.5 | Not in release | Not in release | Not in release | Not in release | — |
| postgresql-9.3 | Not in release | Not in release | Not in release | Not in release | — |
| postgresql-9.1 | Not in release | Not in release | Not in release | Not in release | — |
| postgresql-17 | Not in release | Not in release | Not in release | Not in release | — |