High severity8.8NVD Advisory· Published Feb 17, 2016· Updated May 6, 2026
CVE-2016-0766
CVE-2016-0766
Description
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
17- lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.htmlnvdMailing ListThird Party Advisory
- www.debian.org/security/2016/dsa-3475nvdThird Party Advisory
- www.debian.org/security/2016/dsa-3476nvdThird Party Advisory
- www.postgresql.org/about/news/1644/nvdVendor Advisory
- www.postgresql.org/docs/current/static/release-9-1-20.htmlnvdVendor Advisory
- www.postgresql.org/docs/current/static/release-9-2-15.htmlnvdVendor Advisory
- www.postgresql.org/docs/current/static/release-9-3-11.htmlnvdVendor Advisory
- www.postgresql.org/docs/current/static/release-9-4-6.htmlnvdVendor Advisory
- www.postgresql.org/docs/current/static/release-9-5-1.htmlnvdVendor Advisory
- www.securityfocus.com/bid/83184nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1035005nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-2894-1nvdThird Party Advisory
- security.gentoo.org/glsa/201701-33nvdThird Party Advisory
News mentions
0No linked articles in our index yet.