Search CVE reports
31 – 32 of 32 results
CVE-2020-14349
Medium priority
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar...
5 affected packages
postgresql-10, postgresql-12, postgresql-9.1, postgresql-9.3, postgresql-9.5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
postgresql-10 | — | — | Not in release | Fixed | Not in release |
postgresql-12 | — | — | Fixed | Not in release | Not in release |
postgresql-9.1 | — | — | Not in release | Not in release | Not in release |
postgresql-9.3 | — | — | Not in release | Not in release | Not in release |
postgresql-9.5 | — | — | Not in release | Not in release | Not affected |
CVE-2020-1720
Medium priority
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to drop objects such as...
6 affected packages
postgresql-10, postgresql-11, postgresql-12, postgresql-9.1, postgresql-9.3, postgresql-9.5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
postgresql-10 | — | — | — | Fixed | Not in release |
postgresql-11 | — | — | — | Not in release | Not in release |
postgresql-12 | — | — | — | Not in release | Not in release |
postgresql-9.1 | — | — | — | Not in release | Not in release |
postgresql-9.3 | — | — | — | Not in release | Not in release |
postgresql-9.5 | — | — | — | Not in release | Not affected |