Описание
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | not-affected | |
| lucid | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| quantal | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | not-affected | |
| lucid | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| quantal | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | not-affected | |
| oneiric | not-affected | |
| precise | not-affected | |
| quantal | DNE | |
| upstream | released | 8.4.17 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 9.1.9-1ubuntu1 |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | released | 9.1.9-0ubuntu11.10 |
| precise | released | 9.1.9-0ubuntu12.04 |
| quantal | released | 9.1.9-0ubuntu12.10 |
| upstream | released | 9.1.9 |
Показывать по
EPSS
6.5 Medium
CVSS2
Связанные уязвимости
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1 ...
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).
Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
EPSS
6.5 Medium
CVSS2