pkg:Alpine/postgresql16

所有已知漏洞

• HIGH8.8CVE-2026-6638PostgreSQL REFRESH PUBLICATION allows SQL injection via table name
  from 0, < 16.14-r0
• HIGH8.8CVE-2026-6637PostgreSQL refint allows stack buffer overflow and SQL injection
  from 0, < 16.14-r0
• HIGH8.8CVE-2026-6477PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory
  from 0, < 16.14-r0
• HIGH8.8CVE-2026-6475PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice
  from 0, < 16.14-r0
• HIGH8.8CVE-2026-6473PostgreSQL server undersizes allocations, via integer wraparound
  from 0, < 16.14-r0
• HIGH8.8CVE-2026-2006PostgreSQL missing validation of multibyte character length executes arbitrary code
  from 0, < 16.12-r0
• HIGH8.8CVE-2026-2005PostgreSQL pgcrypto heap buffer overflow executes arbitrary code
  from 0, < 16.12-r0
• HIGH8.8CVE-2026-2004PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
  from 0, < 16.12-r0
• HIGH8.8CVE-2025-8715PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server
  from 0, < 16.10-r0
• HIGH8.8CVE-2025-8714PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client
  from 0, < 16.10-r0
• HIGH8.8CVE-2024-10979PostgreSQL PL/Perl environment variable changes execute arbitrary code
  from 0, < 16.5-r0
• HIGH8.8CVE-2023-5869Postgresql: buffer overrun from integer overflow in array modification
  from 0, < 16.1-r0
• HIGH8.2CVE-2026-2007PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory
  from 0, < 16.12-r0
• HIGH8.1CVE-2025-1094PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
  from 0, < 16.8-r0
• HIGH8.0CVE-2024-0985PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL
  from 0, < 16.2-r0
• HIGH7.5CVE-2026-6479PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion
  from 0, < 16.14-r0
• HIGH7.5CVE-2024-7348PostgreSQL relation replacement during pg_dump executes arbitrary SQL
  from 0, < 16.4-r0
• MEDIUM6.5CVE-2026-6478PostgreSQL discloses MD5-hashed passwords via covert timing channel
  from 0, < 16.14-r0
• MEDIUM5.9CVE-2025-12818PostgreSQL libpq undersizes allocations, via integer wraparound
  from 0, < 16.11-r0
• MEDIUM5.9CVE-2025-4207PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation
  from 0, < 16.9-r0
• MEDIUM5.4CVE-2026-6472PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege
  from 0, < 16.14-r0
• MEDIUM5.4CVE-2024-10976PostgreSQL row security below e.g. subqueries disregards user ID changes
  from 0, < 16.5-r0
• MEDIUM4.4CVE-2023-5870Postgresql: role pg_signal_backend can signal certain superuser processes.
  from 0, < 16.1-r0
• MEDIUM4.3CVE-2026-6474PostgreSQL timeofday() can disclose portions of server memory
  from 0, < 16.14-r0
• MEDIUM4.3CVE-2026-2003PostgreSQL oidvector discloses a few bytes of memory
  from 0, < 16.12-r0
• MEDIUM4.3CVE-2023-5868Postgresql: memory disclosure in aggregate function calls
  from 0, < 16.1-r0
• MEDIUM4.2CVE-2024-10978PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
  from 0, < 16.5-r0
• LOW3.7CVE-2024-10977PostgreSQL libpq retains an error message from man-in-the-middle
  from 0, < 16.5-r0
• LOW3.1CVE-2025-12817PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege
  from 0, < 16.11-r0
• LOW3.1CVE-2025-8713PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table
  from 0, < 16.10-r0