VYPR

rpm package

opensuse/postgresql10&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/postgresql10&distro=openSUSE%20Tumbleweed

Vulnerabilities (24)

  • CVE-2018-1053HigFeb 9, 2018
    affected < 10.18-1.3fixed 10.18-1.3

    In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, an

  • CVE-2018-1052MedFeb 9, 2018
    affected < 10.18-1.3fixed 10.18-1.3

    Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table.

  • CVE-2017-15099MedNov 22, 2017
    affected < 10.18-1.3fixed 10.18-1.3

    INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT

  • CVE-2017-15098HigNov 22, 2017
    affected < 10.18-1.3fixed 10.18-1.3

    Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.

Page 2 of 2