Search CVE reports
1 – 10 of 27 results
PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to "graphical installers for Linux and...
4 affected packages
postgresql-8.2, postgresql-8.3, postgresql-8.4, postgresql-9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-8.2 | — | — | — | — |
| postgresql-8.3 | — | — | — | — |
| postgresql-8.4 | — | — | — | — |
| postgresql-9.1 | — | — | — | — |
PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors...
4 affected packages
postgresql-8.2, postgresql-8.3, postgresql-8.4, postgresql-9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-8.2 | — | — | — | — |
| postgresql-8.3 | — | — | — | — |
| postgresql-8.4 | — | — | — | — |
| postgresql-9.1 | — | — | — | — |
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2)...
4 affected packages
postgresql-8.2, postgresql-8.3, postgresql-8.4, postgresql-9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-8.2 | — | — | — | — |
| postgresql-8.3 | — | — | — | — |
| postgresql-8.4 | — | — | — | — |
| postgresql-9.1 | — | — | — | — |
Some fixes available 7 of 9
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified...
4 affected packages
postgresql-8.2, postgresql-8.3, postgresql-8.4, postgresql-9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-8.2 | — | — | — | — |
| postgresql-8.3 | — | — | — | — |
| postgresql-8.4 | — | — | — | — |
| postgresql-9.1 | — | — | — | — |
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify...
4 affected packages
postgresql-8.2, postgresql-8.3, postgresql-8.4, postgresql-9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-8.2 | — | — | — | — |
| postgresql-8.3 | — | — | — | — |
| postgresql-8.4 | — | — | — | — |
| postgresql-9.1 | — | — | — | — |
Some fixes available 6 of 8
PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with...
4 affected packages
postgresql-8.2, postgresql-8.3, postgresql-8.4, postgresql-9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-8.2 | — | — | — | — |
| postgresql-8.3 | — | — | — | — |
| postgresql-8.4 | — | — | — | — |
| postgresql-9.1 | — | — | — | — |
Some fixes available 6 of 8
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of...
4 affected packages
postgresql-8.2, postgresql-8.3, postgresql-8.4, postgresql-9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-8.2 | — | — | — | — |
| postgresql-8.3 | — | — | — | — |
| postgresql-8.4 | — | — | — | — |
| postgresql-9.1 | — | — | — | — |
Some fixes available 6 of 8
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify...
4 affected packages
postgresql-8.2, postgresql-8.3, postgresql-8.4, postgresql-9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-8.2 | — | — | — | — |
| postgresql-8.3 | — | — | — | — |
| postgresql-8.4 | — | — | — | — |
| postgresql-9.1 | — | — | — | — |
Some fixes available 6 of 8
PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes...
4 affected packages
postgresql-8.2, postgresql-8.3, postgresql-8.4, postgresql-9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-8.2 | — | — | — | — |
| postgresql-8.3 | — | — | — | — |
| postgresql-8.4 | — | — | — | — |
| postgresql-9.1 | — | — | — | — |
Some fixes available 10 of 13
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which...
5 affected packages
php5, postgresql-8.2, postgresql-8.3, postgresql-8.4, postgresql-9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | — | — | — | — |
| postgresql-8.2 | — | — | — | — |
| postgresql-8.3 | — | — | — | — |
| postgresql-8.4 | — | — | — | — |
| postgresql-9.1 | — | — | — | — |