PostgreSQL — свободная объектно-реляционная система управления базами данных.
Релизный цикл, информация об уязвимостях
График релизов
Количество 984
SUSE-SU-2023:3348-1
Security update for postgresql15
SUSE-SU-2023:3346-1
Security update for postgresql12
SUSE-SU-2023:3345-1
Security update for postgresql15
SUSE-SU-2023:3344-1
Security update for postgresql15
SUSE-SU-2023:3343-1
Security update for postgresql15
SUSE-SU-2023:3341-1
Security update for postgresql12
GHSA-chgx-7cw3-hr55
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.
GHSA-jx3x-j983-74m3
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
CVE-2023-39418
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.
CVE-2023-39418
A vulnerability was found in PostgreSQL with the use of the MERGE comm ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | SUSE-SU-2023:3348-1 Security update for postgresql15 | 1% Низкий | больше 2 лет назад | |
| SUSE-SU-2023:3346-1 Security update for postgresql12 | 1% Низкий | больше 2 лет назад | |
| SUSE-SU-2023:3345-1 Security update for postgresql15 | 1% Низкий | больше 2 лет назад | |
| SUSE-SU-2023:3344-1 Security update for postgresql15 | 1% Низкий | больше 2 лет назад | |
| SUSE-SU-2023:3343-1 Security update for postgresql15 | 1% Низкий | больше 2 лет назад | |
| SUSE-SU-2023:3341-1 Security update for postgresql12 | 1% Низкий | больше 2 лет назад | |
| GHSA-chgx-7cw3-hr55 A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows. | CVSS3: 3.1 | 0% Низкий | больше 2 лет назад |
| GHSA-jx3x-j983-74m3 IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser. | CVSS3: 7.5 | 1% Низкий | больше 2 лет назад |
 | CVE-2023-39418 A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows. | CVSS3: 3.1 | 0% Низкий | больше 2 лет назад |
| CVE-2023-39418 A vulnerability was found in PostgreSQL with the use of the MERGE comm ... | CVSS3: 3.1 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу