Search CVE reports
1 – 4 of 4 results
The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
1 affected package
postgresql-common
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-common | — | — | — | Fixed |
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic...
1 affected package
postgresql-common
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-common | — | — | — | — |
Some fixes available 2 of 4
The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before...
1 affected package
postgresql-common
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-common | — | — | — | — |
PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character...
6 affected packages
postgresql-8.1, postgresql, postgresql-7.4, postgresql-8.0, postgresql-8.2, postgresql-common
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-8.1 | — | — | — | — |
| postgresql | — | — | — | — |
| postgresql-7.4 | — | — | — | — |
| postgresql-8.0 | — | — | — | — |
| postgresql-8.2 | — | — | — | — |
| postgresql-common | — | — | — | — |