postgresql

Description Sophisticated object-relational DBMS
Version 11.5-3 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1019 11.4-1 11.5-1 Medium Fixed
AVG-643 10.2-1 10.3-1 High Fixed
AVG-487 10.0-1 10.1-1 High Not affected
AVG-485 10.0-1 10.1-1 Medium Fixed
AVG-381 9.6.3-3 9.6.4-1 High Fixed
AVG-272 9.6.2-1 9.6.3-1 Medium Fixed

Issue Group Severity Remote Type Description
CVE-2019-10209 AVG-1019 Low Yes Information disclosure
An issue has been found in PostgreSQL >= 11.0 and < 11.5. In a database containing hypothetical, user-defined hash equality operators, an attacker could...
CVE-2019-10208 AVG-1019 Medium Yes Access restriction bypass
A security issue has been found in PostgreSQL < 11.5 where given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the...
CVE-2018-1058 AVG-643 High Yes Privilege escalation
A flaw was found in the way PostgreSQL allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw...
CVE-2017-15099 AVG-485 Medium Yes Access restriction bypass
An access restriction bypass vulnerability has been discovered in PostgreSQL: the "INSERT ... ON CONFLICT DO UPDATE" would not check to see if the executing...
CVE-2017-15098 AVG-485 Medium Yes Information disclosure
A denial of service and potential memory disclosure vulnerability has been discovered in PostgreSQL in the json_populate_recordset() and...
CVE-2017-12172 AVG-487 High No Privilege escalation
A vulnerability has been discovered in PostgreSQL when the startup log file for the postmaster (in newer releases, "postgres") process was opened while the...
CVE-2017-7548 AVG-381 Medium Yes Access restriction bypass
An authorization flaw was found in the way PostgreSQL handled large objects. A remote authenticated attacker with no privileges on a large object could...
CVE-2017-7547 AVG-381 High Yes Information disclosure
An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could...
CVE-2017-7546 AVG-381 Medium Yes Authentication bypass
It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A...
CVE-2017-7486 AVG-272 Medium Yes Information disclosure
A security issue has been found in PostgreSQL < 9.6.3, where the pg_user_mappings view disclosed user mapping options to any user having USAGE privilege on...
CVE-2017-7484 AVG-272 Medium Yes Information disclosure
A security issue has been found in PostgreSQL < 9.6.3, where some selectivity estimation functions did not check user privileges before providing...

Advisories

Date Advisory Group Severity Description
10 Aug 2019 ASA-201908-8 AVG-1019 Medium multiple issues
11 Mar 2018 ASA-201803-9 AVG-643 High privilege escalation
10 Nov 2017 ASA-201711-17 AVG-485 Medium multiple issues
06 Sep 2017 ASA-201709-2 AVG-381 High multiple issues
30 May 2017 ASA-201705-23 AVG-272 Medium information disclosure