VulnerableCode Package Details - pkg:generic/postgresql@10.1.0

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4tv8-ga3v-aaar	PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.	CVE-2017-12172
VCID-6sdf-4fh4-aaah	Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.	CVE-2017-15098
VCID-adu8-5csv-aaaf	INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege.	CVE-2017-15099

Vulnerability

Summary

Aliases

VCID-4tv8-ga3v-aaar

PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.

CVE-2017-12172

VCID-6sdf-4fh4-aaah

Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.

CVE-2017-15098

VCID-adu8-5csv-aaaf

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege.

CVE-2017-15099

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-25T18:29:51.111637+00:00	PostgreSQL Importer	Fixing	VCID-adu8-5csv-aaaf	https://www.postgresql.org/support/security/CVE-2017-15099	36.1.3
2025-06-25T18:29:47.557323+00:00	PostgreSQL Importer	Fixing	VCID-4tv8-ga3v-aaar	https://www.postgresql.org/support/security/CVE-2017-12172	36.1.3
2025-06-25T18:29:47.448484+00:00	PostgreSQL Importer	Fixing	VCID-6sdf-4fh4-aaah	https://www.postgresql.org/support/security/CVE-2017-15098	36.1.3
2025-06-04T05:59:12.891308+00:00	PostgreSQL Importer	Fixing	VCID-adu8-5csv-aaaf	https://www.postgresql.org/support/security/CVE-2017-15099	36.1.0
2025-06-04T05:59:10.647446+00:00	PostgreSQL Importer	Fixing	VCID-6sdf-4fh4-aaah	https://www.postgresql.org/support/security/CVE-2017-15098	36.1.0
2025-06-04T05:59:09.987434+00:00	PostgreSQL Importer	Fixing	VCID-4tv8-ga3v-aaar	https://www.postgresql.org/support/security/CVE-2017-12172	36.1.0
2025-06-02T20:35:52.831605+00:00	PostgreSQL Importer	Fixing	VCID-6sdf-4fh4-aaah	https://www.postgresql.org/support/security/CVE-2017-15098	36.1.2
2025-06-02T20:35:52.785654+00:00	PostgreSQL Importer	Fixing	VCID-adu8-5csv-aaaf	https://www.postgresql.org/support/security/CVE-2017-15099	36.1.2
2025-06-02T20:35:51.392896+00:00	PostgreSQL Importer	Fixing	VCID-4tv8-ga3v-aaar	https://www.postgresql.org/support/security/CVE-2017-12172	36.1.2
2025-03-28T07:42:14.467454+00:00	PostgreSQL Importer	Fixing	VCID-4tv8-ga3v-aaar	https://www.postgresql.org/support/security/CVE-2017-12172	36.0.0
2025-03-28T07:42:14.278513+00:00	PostgreSQL Importer	Fixing	VCID-6sdf-4fh4-aaah	https://www.postgresql.org/support/security/CVE-2017-15098	36.0.0
2025-03-28T07:42:14.181916+00:00	PostgreSQL Importer	Fixing	VCID-adu8-5csv-aaaf	https://www.postgresql.org/support/security/CVE-2017-15099	36.0.0
2024-09-18T01:54:37.444012+00:00	PostgreSQL Importer	Fixing	VCID-4tv8-ga3v-aaar	https://www.postgresql.org/support/security/CVE-2017-12172	34.0.1
2024-09-18T01:54:37.269523+00:00	PostgreSQL Importer	Fixing	VCID-6sdf-4fh4-aaah	https://www.postgresql.org/support/security/CVE-2017-15098	34.0.1
2024-09-18T01:54:37.177896+00:00	PostgreSQL Importer	Fixing	VCID-adu8-5csv-aaaf	https://www.postgresql.org/support/security/CVE-2017-15099	34.0.1
2024-01-03T22:23:34.748539+00:00	PostgreSQL Importer	Fixing	VCID-adu8-5csv-aaaf	https://www.postgresql.org/support/security/CVE-2017-15099	34.0.0rc1
2024-01-03T22:23:12.949903+00:00	PostgreSQL Importer	Fixing	VCID-6sdf-4fh4-aaah	https://www.postgresql.org/support/security/CVE-2017-15098	34.0.0rc1
2024-01-03T22:22:52.854999+00:00	PostgreSQL Importer	Fixing	VCID-4tv8-ga3v-aaar	https://www.postgresql.org/support/security/CVE-2017-12172	34.0.0rc1