Search CVE reports
51 – 52 of 52 results
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar...
5 affected packages
postgresql-10, postgresql-12, postgresql-9.1, postgresql-9.3, postgresql-9.5
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| postgresql-10 | — | — | — | Not in release | Fixed |
| postgresql-12 | — | — | — | Fixed | Not in release |
| postgresql-9.1 | — | — | — | Not in release | Not in release |
| postgresql-9.3 | — | — | — | Not in release | Not in release |
| postgresql-9.5 | — | — | — | Not in release | Not in release |
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as...
6 affected packages
postgresql-12, postgresql-10, postgresql-11, postgresql-9.5, postgresql-9.1, postgresql-9.3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| postgresql-12 | — | — | — | — | Not in release |
| postgresql-10 | — | — | — | — | Fixed |
| postgresql-11 | — | — | — | — | Not in release |
| postgresql-9.5 | — | — | — | — | Not in release |
| postgresql-9.1 | — | — | — | — | Not in release |
| postgresql-9.3 | — | — | — | — | Not in release |