Search for packages
| purl | pkg:deb/ubuntu/postgresql-9.3@9.3.22-0ubuntu0.14.04 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-c6cj-4u8q-aaap
Aliases: CVE-2018-10915 |
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected. |
Affected by 2 other vulnerabilities. |
|
VCID-jxde-hg99-aaap
Aliases: CVE-2016-3065 |
CVE-2016-3065 postgresql: memory disclosure in pageinspect functions | There are no reported fixed by versions. |
|
VCID-pyvh-7h7a-aaar
Aliases: CVE-2016-2193 |
CVE-2016-2193 postgresql: row security policies in prepared statements disregard user ID changes | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-284w-w9ec-aaaa | A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected. |
CVE-2018-1058
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|