Search CVE reports

Toggle filters

1 – 6 of 6 results

CVE-2025-4207

Medium priority

Some fixes available 5 of 8

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database...

7 affected packages

postgresql-10, postgresql-12, postgresql-14, postgresql-16, postgresql-17...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
postgresql-10 Not in release Not in release Not in release Needs evaluation
postgresql-12 Not in release Not in release Fixed
postgresql-14 Not in release Fixed Not in release
postgresql-16 Fixed Not in release Not in release
postgresql-17 Not in release Not in release Not in release
postgresql-9.3 Not in release Not in release Not in release
postgresql-9.5 Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2025-1094

Medium priority

Some fixes available 5 of 7

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage...

7 affected packages

postgresql-10, postgresql-12, postgresql-14, postgresql-16, postgresql-17...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
postgresql-10 Not in release Not in release Not in release Fixed
postgresql-12 Not in release Not in release Fixed
postgresql-14 Not in release Fixed Not in release
postgresql-16 Fixed Not in release Not in release
postgresql-17 Not in release Not in release Not in release
postgresql-9.3 Not in release Not in release Not in release
postgresql-9.5 Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2024-10979

Medium priority

Some fixes available 5 of 7

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if...

8 affected packages

postgresql-10, postgresql-12, postgresql-14, postgresql-16, postgresql-17...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
postgresql-10 Not in release Not in release Not in release Needs evaluation
postgresql-12 Not in release Not in release Fixed
postgresql-14 Not in release Fixed Not in release
postgresql-16 Fixed Not in release Not in release
postgresql-17 Not in release Not in release Not in release
postgresql-9.1 Not in release Not in release Not in release
postgresql-9.3 Not in release Not in release Not in release
postgresql-9.5 Not in release Not in release Not in release
Show all 8 packages Show less packages

CVE-2024-10978

Medium priority

Some fixes available 5 of 7

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an...

8 affected packages

postgresql-10, postgresql-12, postgresql-14, postgresql-16, postgresql-17...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
postgresql-10 Not in release Not in release Not in release Needs evaluation
postgresql-12 Not in release Not in release Fixed
postgresql-14 Not in release Fixed Not in release
postgresql-16 Fixed Not in release Not in release
postgresql-17 Not in release Not in release Not in release
postgresql-9.1 Not in release Not in release Not in release
postgresql-9.3 Not in release Not in release Not in release
postgresql-9.5 Not in release Not in release Not in release
Show all 8 packages Show less packages

CVE-2024-10977

Medium priority

Some fixes available 5 of 7

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a...

8 affected packages

postgresql-10, postgresql-12, postgresql-14, postgresql-16, postgresql-17...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
postgresql-10 Not in release Not in release Not in release Needs evaluation
postgresql-12 Not in release Not in release Fixed
postgresql-14 Not in release Fixed Not in release
postgresql-16 Fixed Not in release Not in release
postgresql-17 Not in release Not in release Not in release
postgresql-9.1 Not in release Not in release Not in release
postgresql-9.3 Not in release Not in release Not in release
postgresql-9.5 Not in release Not in release Not in release
Show all 8 packages Show less packages

CVE-2024-10976

Medium priority

Some fixes available 5 of 7

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID...

8 affected packages

postgresql-10, postgresql-12, postgresql-14, postgresql-16, postgresql-17...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
postgresql-10 Not in release Not in release Not in release Needs evaluation
postgresql-12 Not in release Not in release Fixed
postgresql-14 Not in release Fixed Not in release
postgresql-16 Fixed Not in release Not in release
postgresql-17 Not in release Not in release Not in release
postgresql-9.1 Not in release Not in release Not in release
postgresql-9.3 Not in release Not in release Not in release
postgresql-9.5 Not in release Not in release Not in release
Show all 8 packages Show less packages