High severity8.8NVD Advisory· Published Feb 17, 2016· Updated Jun 17, 2026
CVE-2016-0766
CVE-2016-0766
Description
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
36cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*range: >=9.1.0,<9.1.20
- cpe:2.3:a:postgresql:postgresql:9.5:*:*:*:*:*:*:*
- (no CPE)range: <9.1.20; >=9.2.0 <9.2.15; >=9.3.0 <9.3.11; >=9.4.0 <9.4.6; >=9.5.0 <9.5.1
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- osv-coords28 versionspkg:rpm/opensuse/postgresql93&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql94&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql95&distro=openSUSE%20Tumbleweedpkg:rpm/suse/postgresql93&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/postgresql93&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/postgresql93&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/postgresql93-libs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012pkg:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4pkg:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/postgresql94&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/postgresql94-libs&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4pkg:rpm/suse/postgresql94-libs&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/postgresql94-libs&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/postgresql94-libs&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/postgresql94-libs&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/postgresql94-libs&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/postgresql94-libs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/postgresql94-libs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/postgresql94-libs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/postgresql94-libs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/postgresql94-libs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012pkg:rpm/suse/postgresql94-libs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
< 9.3.15-1.1+ 27 more
- (no CPE)range: < 9.3.15-1.1
- (no CPE)range: < 9.4.10-1.1
- (no CPE)range: < 9.5.4-1.2
- (no CPE)range: < 9.3.11-14.2
- (no CPE)range: < 9.3.11-14.2
- (no CPE)range: < 9.3.11-14.2
- (no CPE)range: < 9.3.11-14.1
- (no CPE)range: < 9.4.6-0.14.3
- (no CPE)range: < 9.4.6-7.2
- (no CPE)range: < 9.4.6-7.2
- (no CPE)range: < 9.4.6-0.14.3
- (no CPE)range: < 9.4.6-7.2
- (no CPE)range: < 9.4.6-7.2
- (no CPE)range: < 9.4.6-0.14.3
- (no CPE)range: < 9.4.6-7.2
- (no CPE)range: < 9.4.6-7.2
- (no CPE)range: < 9.4.6-0.14.3
- (no CPE)range: < 9.4.6-7.1
- (no CPE)range: < 9.4.6-7.1
- (no CPE)range: < 9.4.6-0.14.3
- (no CPE)range: < 9.4.6-7.1
- (no CPE)range: < 9.4.6-7.1
- (no CPE)range: < 9.4.6-0.14.3
- (no CPE)range: < 9.4.6-7.1
- (no CPE)range: < 9.4.6-7.1
- (no CPE)range: < 9.4.6-0.14.3
- (no CPE)range: < 9.4.6-7.1
- (no CPE)range: < 9.4.6-7.1
Patches
Vulnerability mechanics
References
17- lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.htmlnvdMailing ListThird Party Advisory
- www.debian.org/security/2016/dsa-3475nvdThird Party Advisory
- www.debian.org/security/2016/dsa-3476nvdThird Party Advisory
- www.postgresql.org/about/news/1644/nvdVendor Advisory
- www.postgresql.org/docs/current/static/release-9-1-20.htmlnvdVendor Advisory
- www.postgresql.org/docs/current/static/release-9-2-15.htmlnvdVendor Advisory
- www.postgresql.org/docs/current/static/release-9-3-11.htmlnvdVendor Advisory
- www.postgresql.org/docs/current/static/release-9-4-6.htmlnvdVendor Advisory
- www.postgresql.org/docs/current/static/release-9-5-1.htmlnvdVendor Advisory
- www.securityfocus.com/bid/83184nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1035005nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-2894-1nvdThird Party Advisory
- security.gentoo.org/glsa/201701-33nvdThird Party Advisory
News mentions
0No linked articles in our index yet.