VYPR

rpm package

suse/postgresql12&distro=SUSE Linux Enterprise Software Development Kit 12 SP5

pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Vulnerabilities (23)

  • CVE-2020-25694Nov 16, 2020
    affected < 12.5-3.9.3fixed 12.5-3.9.3

    A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant paramet

  • CVE-2020-14350Aug 24, 2020
    affected < 12.5-3.9.3fixed 12.5-3.9.3

    It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such exte

  • CVE-2020-14349Aug 24, 2020
    affected < 12.5-3.9.3fixed 12.5-3.9.3

    It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in

Page 2 of 2