CVE search results

81 – 90 of 92 results

Detailed view

Sort by:

CVE-2013-1901

Medium priority

Fixed

PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2)...

4 affected packages

postgresql-8.2, postgresql-8.3, postgresql-8.4, postgresql-9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
postgresql-8.2	—	—	—	—	—
postgresql-8.3	—	—	—	—	—
postgresql-8.4	—	—	—	—	—
postgresql-9.1	—	—	—	—	—

CVE-2013-1900

Medium priority

Some fixes available 7 of 9

PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified...

4 affected packages

postgresql-8.2, postgresql-8.3, postgresql-8.4, postgresql-9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
postgresql-8.2	—	—	—	—	—
postgresql-8.3	—	—	—	—	—
postgresql-8.4	—	—	—	—	—
postgresql-9.1	—	—	—	—	—

CVE-2013-1899

High priority

Fixed

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify...

4 affected packages

postgresql-8.2, postgresql-8.3, postgresql-8.4, postgresql-9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
postgresql-8.2	—	—	—	—	—
postgresql-8.3	—	—	—	—	—
postgresql-8.4	—	—	—	—	—
postgresql-9.1	—	—	—	—	—

CVE-2013-0255

Medium priority

Some fixes available 6 of 8

PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with...

4 affected packages

postgresql-8.2, postgresql-8.3, postgresql-8.4, postgresql-9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
postgresql-8.2	—	—	—	—	—
postgresql-8.3	—	—	—	—	—
postgresql-8.4	—	—	—	—	—
postgresql-9.1	—	—	—	—	—

CVE-2012-3489

Medium priority

Some fixes available 6 of 8

The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of...

4 affected packages

postgresql-8.2, postgresql-8.3, postgresql-8.4, postgresql-9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
postgresql-8.2	—	—	—	—	—
postgresql-8.3	—	—	—	—	—
postgresql-8.4	—	—	—	—	—
postgresql-9.1	—	—	—	—	—

CVE-2012-3488

Medium priority

Some fixes available 6 of 8

The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify...

4 affected packages

postgresql-8.2, postgresql-8.3, postgresql-8.4, postgresql-9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
postgresql-8.2	—	—	—	—	—
postgresql-8.3	—	—	—	—	—
postgresql-8.4	—	—	—	—	—
postgresql-9.1	—	—	—	—	—

CVE-2012-2655

Medium priority

Some fixes available 6 of 8

PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes...

4 affected packages

postgresql-8.2, postgresql-8.3, postgresql-8.4, postgresql-9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
postgresql-8.2	—	—	—	—	—
postgresql-8.3	—	—	—	—	—
postgresql-8.4	—	—	—	—	—
postgresql-9.1	—	—	—	—	—

CVE-2012-2143

Medium priority

Some fixes available 10 of 13

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which...

5 affected packages

php5, postgresql-8.2, postgresql-8.3, postgresql-8.4, postgresql-9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	—	—
postgresql-8.2	—	—	—	—	—
postgresql-8.3	—	—	—	—	—
postgresql-8.4	—	—	—	—	—
postgresql-9.1	—	—	—	—	—

CVE-2012-0868

Medium priority

Some fixes available 8 of 10

CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file...

4 affected packages

postgresql-8.2, postgresql-8.3, postgresql-8.4, postgresql-9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
postgresql-8.2	—	—	—	—	—
postgresql-8.3	—	—	—	—	—
postgresql-8.4	—	—	—	—	—
postgresql-9.1	—	—	—	—	—

CVE-2012-0867

Medium priority

Some fixes available 7 of 9

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is...

4 affected packages

postgresql-8.2, postgresql-8.3, postgresql-8.4, postgresql-9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
postgresql-8.2	—	—	—	—	—
postgresql-8.3	—	—	—	—	—
postgresql-8.4	—	—	—	—	—
postgresql-9.1	—	—	—	—	—

Export to JSON

Results by page:

Search CVE reports