postgresql

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Sophisticated object-relational DBMS
Version 16.6-1 [extra-testing]
16.3-4 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2719 14.2-1 14.3-1 High Fixed
AVG-2547 13.4-6 13.5-1 Low Fixed
AVG-2546 13.4-6 13.5-1 High Fixed
AVG-2290 13.3-3 13.4-1 Medium Fixed
AVG-1956 13.2-2 13.3-1 Medium Fixed
AVG-1567 13.1-3 13.2-1 Medium Fixed
AVG-1276 12.4-2 12.5-1 High Fixed
AVG-1019 11.4-1 11.5-1 Medium Fixed
AVG-643 10.2-1 10.3-1 High Fixed
AVG-487 10.0-1 10.1-1 High Not affected
AVG-485 10.0-1 10.1-1 Medium Fixed
AVG-381 9.6.3-3 9.6.4-1 High Fixed
AVG-272 9.6.2-1 9.6.3-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2022-1552 AVG-2719 High Yes Privilege escalation
Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck made incomplete efforts to operate safely when a privileged user is...
CVE-2021-32029 AVG-1956 Medium Yes Information disclosure
A security issue was found in PostgreSQL before version 13.3. Using an UPDATE ... RETURNING on a purpose-crafted partitioned table, an attacker can read...
CVE-2021-32028 AVG-1956 Medium Yes Information disclosure
A security issue was found in PostgreSQL before version 13.3. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an attacker...
CVE-2021-32027 AVG-1956 Medium Yes Arbitrary code execution
A security issue was found in PostgreSQL before version 13.3. While modifying certain SQL array values, missing bounds checks let authenticated database...
CVE-2021-23222 AVG-2547 Low Yes Man-in-the-middle
A security issue has been found in PostgreSQL versions 9.6 up to 14. A man-in-the-middle attacker can inject false responses to the client's first few...
CVE-2021-23214 AVG-2546 High Yes Man-in-the-middle
A security issue has been found in PostgreSQL versions 9.6 up to 14. When the server is configured to use trust authentication with a clientcert requirement...
CVE-2021-20229 AVG-1567 Medium Yes Information disclosure
A security issue was found in  PostgreSQL 13 before version 13.2. A user having a SELECT privilege on an individual column can craft a special query that...
CVE-2021-3677 AVG-2290 Medium Yes Information disclosure
A security issue has been found in PostgreSQL before version 13.4. A purpose-crafted query can read arbitrary bytes of server memory. In the default...
CVE-2021-3393 AVG-1567 Medium Yes Information disclosure
A security issue was found in PostgreSQL 11 to 13 before version 13.2. A user having an UPDATE privilege on a partitioned table but lacking the SELECT...
CVE-2020-25696 AVG-1276 Medium Yes Arbitrary code execution
A security issue has been found in PostgreSQL before 12.5, where psql's \gset allows overwriting specially treated variables. The \gset meta-command, which...
CVE-2020-25695 AVG-1276 High Yes Sandbox escape
A security issue has been found in PostgreSQL before 12.5, where an attacker having permission to create non-temporary objects in at least one schema can...
CVE-2020-25694 AVG-1276 Low Yes Silent downgrade
A security issue has been found in PostgreSQL before 12.5. Many PostgreSQL-provided client applications have options that create additional database...
CVE-2019-10209 AVG-1019 Low Yes Information disclosure
An issue has been found in PostgreSQL >= 11.0 and < 11.5. In a database containing hypothetical, user-defined hash equality operators, an attacker could...
CVE-2019-10208 AVG-1019 Medium Yes Access restriction bypass
A security issue has been found in PostgreSQL < 11.5 where given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the...
CVE-2018-1058 AVG-643 High Yes Privilege escalation
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw...
CVE-2017-15099 AVG-485 Medium Yes Access restriction bypass
An access restriction bypass vulnerability has been discovered in PostgreSQL, the "INSERT ... ON CONFLICT DO UPDATE" would not check to see if the executing...
CVE-2017-15098 AVG-485 Medium Yes Information disclosure
A denial of service and potential memory disclosure vulnerability has been discovered in PostgreSQL in the json_populate_recordset() and...
CVE-2017-12172 AVG-487 High No Privilege escalation
A vulnerability has been discovered in PostgreSQL when the startup log file for the postmaster (in newer releases, "postgres") process was opened while the...
CVE-2017-7548 AVG-381 Medium Yes Access restriction bypass
An authorization flaw was found in the way PostgreSQL handled large objects. A remote authenticated attacker with no privileges on a large object could...
CVE-2017-7547 AVG-381 High Yes Information disclosure
An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could...
CVE-2017-7546 AVG-381 Medium Yes Authentication bypass
It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A...
CVE-2017-7486 AVG-272 Medium Yes Information disclosure
A security issue has been found in PostgreSQL < 9.6.3, where the pg_user_mappings view disclosed user mapping options to any user having USAGE privilege on...
CVE-2017-7484 AVG-272 Medium Yes Information disclosure
A security issue has been found in PostgreSQL < 9.6.3, where some selectivity estimation functions did not check user privileges before providing...

Advisories

Date Advisory Group Severity Type
04 Apr 2022 ASA-202204-1 AVG-2546 High man-in-the-middle
01 Jun 2021 ASA-202106-15 AVG-1956 Medium multiple issues
20 Feb 2021 ASA-202102-31 AVG-1567 Medium information disclosure
17 Nov 2020 ASA-202011-14 AVG-1276 High multiple issues
10 Aug 2019 ASA-201908-8 AVG-1019 Medium multiple issues
11 Mar 2018 ASA-201803-9 AVG-643 High privilege escalation
10 Nov 2017 ASA-201711-17 AVG-485 Medium multiple issues
06 Sep 2017 ASA-201709-2 AVG-381 High multiple issues
30 May 2017 ASA-201705-23 AVG-272 Medium information disclosure