VulnerableCode Package Details - pkg:deb/debian/postgresql-9.6@9.6.17-0%2Bdeb9u1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-324w-r3eu-aaac	A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.	CVE-2019-10130
VCID-6sdf-4fh4-aaah	Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.	CVE-2017-15098
VCID-adu8-5csv-aaaf	INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege.	CVE-2017-15099
VCID-c6cj-4u8q-aaap	A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.	CVE-2018-10915
VCID-t58g-h1vm-aaaa	A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.	CVE-2020-1720
VCID-w4q3-kj53-aaaa	It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.	CVE-2018-10925
VCID-x1qm-g99a-aaar	A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.	CVE-2019-10208

Vulnerability

Summary

Aliases

VCID-324w-r3eu-aaac

A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.

CVE-2019-10130

VCID-6sdf-4fh4-aaah

Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.

CVE-2017-15098

VCID-adu8-5csv-aaaf

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege.

CVE-2017-15099

VCID-c6cj-4u8q-aaap

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.

CVE-2018-10915

VCID-t58g-h1vm-aaaa

A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.

CVE-2020-1720

VCID-w4q3-kj53-aaaa

It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.

CVE-2018-10925

VCID-x1qm-g99a-aaar

A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.

CVE-2019-10208

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T10:58:38.583768+00:00	Debian Oval Importer	Fixing	VCID-adu8-5csv-aaaf	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.3
2025-06-21T10:40:20.136315+00:00	Debian Oval Importer	Fixing	VCID-t58g-h1vm-aaaa	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.3
2025-06-21T10:33:20.837480+00:00	Debian Oval Importer	Fixing	VCID-x1qm-g99a-aaar	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.3
2025-06-21T10:17:49.264994+00:00	Debian Oval Importer	Fixing	VCID-w4q3-kj53-aaaa	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.3
2025-06-21T10:15:55.288619+00:00	Debian Oval Importer	Fixing	VCID-c6cj-4u8q-aaap	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.3
2025-06-21T10:13:28.337447+00:00	Debian Oval Importer	Fixing	VCID-6sdf-4fh4-aaah	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.3
2025-06-21T10:13:16.317897+00:00	Debian Oval Importer	Fixing	VCID-324w-r3eu-aaac	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.3
2025-06-20T20:13:34.831945+00:00	Debian Oval Importer	Fixing	VCID-6sdf-4fh4-aaah	None	36.1.3
2025-06-20T20:05:57.116209+00:00	Debian Oval Importer	Fixing	VCID-x1qm-g99a-aaar	None	36.1.3
2025-06-20T20:03:21.914625+00:00	Debian Oval Importer	Fixing	VCID-c6cj-4u8q-aaap	None	36.1.3
2025-06-20T20:00:34.517096+00:00	Debian Oval Importer	Fixing	VCID-324w-r3eu-aaac	None	36.1.3
2025-06-20T19:55:59.959928+00:00	Debian Oval Importer	Fixing	VCID-t58g-h1vm-aaaa	None	36.1.3
2025-06-08T04:31:24.165300+00:00	Debian Oval Importer	Fixing	VCID-adu8-5csv-aaaf	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.0
2025-06-08T04:20:03.503652+00:00	Debian Oval Importer	Fixing	VCID-t58g-h1vm-aaaa	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.0
2025-06-08T04:15:54.601033+00:00	Debian Oval Importer	Fixing	VCID-x1qm-g99a-aaar	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.0
2025-06-08T04:05:32.830630+00:00	Debian Oval Importer	Fixing	VCID-w4q3-kj53-aaaa	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.0
2025-06-08T04:04:05.532107+00:00	Debian Oval Importer	Fixing	VCID-c6cj-4u8q-aaap	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.0
2025-06-08T04:02:25.064656+00:00	Debian Oval Importer	Fixing	VCID-6sdf-4fh4-aaah	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.0
2025-06-08T04:02:13.252202+00:00	Debian Oval Importer	Fixing	VCID-324w-r3eu-aaac	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.0
2025-06-07T13:54:59.107175+00:00	Debian Oval Importer	Fixing	VCID-6sdf-4fh4-aaah	None	36.1.0
2025-06-07T13:52:23.293881+00:00	Debian Oval Importer	Fixing	VCID-x1qm-g99a-aaar	None	36.1.0
2025-06-07T13:51:00.168250+00:00	Debian Oval Importer	Fixing	VCID-c6cj-4u8q-aaap	None	36.1.0
2025-06-07T13:49:35.094704+00:00	Debian Oval Importer	Fixing	VCID-324w-r3eu-aaac	None	36.1.0
2025-06-07T13:46:15.915476+00:00	Debian Oval Importer	Fixing	VCID-t58g-h1vm-aaaa	None	36.1.0
2025-04-08T03:01:46.403022+00:00	Debian Oval Importer	Fixing	VCID-adu8-5csv-aaaf	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.0.0
2025-04-08T02:49:34.241579+00:00	Debian Oval Importer	Fixing	VCID-t58g-h1vm-aaaa	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.0.0
2025-04-08T02:45:11.719157+00:00	Debian Oval Importer	Fixing	VCID-x1qm-g99a-aaar	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.0.0
2025-04-08T02:33:58.390209+00:00	Debian Oval Importer	Fixing	VCID-w4q3-kj53-aaaa	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.0.0
2025-04-08T02:32:29.915309+00:00	Debian Oval Importer	Fixing	VCID-c6cj-4u8q-aaap	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.0.0
2025-04-08T02:30:46.671342+00:00	Debian Oval Importer	Fixing	VCID-6sdf-4fh4-aaah	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.0.0
2025-04-08T02:30:34.271838+00:00	Debian Oval Importer	Fixing	VCID-324w-r3eu-aaac	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.0.0
2025-04-07T12:29:45.630020+00:00	Debian Oval Importer	Fixing	VCID-6sdf-4fh4-aaah	None	36.0.0
2025-04-07T12:27:17.033815+00:00	Debian Oval Importer	Fixing	VCID-x1qm-g99a-aaar	None	36.0.0
2025-04-07T12:25:56.160729+00:00	Debian Oval Importer	Fixing	VCID-c6cj-4u8q-aaap	None	36.0.0
2025-04-07T12:24:34.109861+00:00	Debian Oval Importer	Fixing	VCID-324w-r3eu-aaac	None	36.0.0
2025-04-07T12:21:26.713493+00:00	Debian Oval Importer	Fixing	VCID-t58g-h1vm-aaaa	None	36.0.0