VulnerableCode Package Details - pkg:generic/postgresql@9.3.17

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-etyx-9bbz-aaam	PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.	CVE-2017-7486
VCID-mm2s-tcve-aaap	It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.	CVE-2017-7484
VCID-mnr8-muzu-aaap	In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.	CVE-2017-7485

Vulnerability

Summary

Aliases

VCID-etyx-9bbz-aaam

PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.

CVE-2017-7486

VCID-mm2s-tcve-aaap

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.

CVE-2017-7484

VCID-mnr8-muzu-aaap

In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.

CVE-2017-7485

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:42:15.572003+00:00	PostgreSQL Importer	Fixing	VCID-mm2s-tcve-aaap	https://www.postgresql.org/support/security/CVE-2017-7484	36.0.0
2025-03-28T07:42:15.423361+00:00	PostgreSQL Importer	Fixing	VCID-mnr8-muzu-aaap	https://www.postgresql.org/support/security/CVE-2017-7485	36.0.0
2025-03-28T07:42:15.256356+00:00	PostgreSQL Importer	Fixing	VCID-etyx-9bbz-aaam	https://www.postgresql.org/support/security/CVE-2017-7486	36.0.0
2024-09-18T01:54:40.544336+00:00	PostgreSQL Importer	Fixing	VCID-mm2s-tcve-aaap	https://www.postgresql.org/support/security/CVE-2017-7484	34.0.1
2024-09-18T01:54:40.394990+00:00	PostgreSQL Importer	Fixing	VCID-mnr8-muzu-aaap	https://www.postgresql.org/support/security/CVE-2017-7485	34.0.1
2024-09-18T01:54:40.230453+00:00	PostgreSQL Importer	Fixing	VCID-etyx-9bbz-aaam	https://www.postgresql.org/support/security/CVE-2017-7486	34.0.1
2024-01-03T22:23:14.019035+00:00	PostgreSQL Importer	Fixing	VCID-mnr8-muzu-aaap	https://www.postgresql.org/support/security/CVE-2017-7485	34.0.0rc1
2024-01-03T22:22:53.734500+00:00	PostgreSQL Importer	Fixing	VCID-mm2s-tcve-aaap	https://www.postgresql.org/support/security/CVE-2017-7484	34.0.0rc1
2024-01-03T22:22:53.548570+00:00	PostgreSQL Importer	Fixing	VCID-etyx-9bbz-aaam	https://www.postgresql.org/support/security/CVE-2017-7486	34.0.0rc1