PostgreSQL — свободная объектно-реляционная система управления базами данных.
Релизный цикл, информация об уязвимостях
График релизов
Количество 984
GHSA-xcqr-pm35-6p88
Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as a result of an integer overflow.
GHSA-5px2-4wrg-vxxc
Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment variables for PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service and possibly execute arbitrary code.
GHSA-927w-qm35-gg94
Unknown vulnerability in cash_out and possibly other functions in PostgreSQL 7.2.1 and earlier, and possibly later versions before 7.2.3, with unknown impact, based on an invalid integer input which is processed as a different data type, as demonstrated using cash_out(2).
GHSA-83mr-c9w5-46g4
Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow.
GHSA-m4fw-hwf8-whx3
Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the functions (1) lpad or (2) rpad.
GHSA-8w3r-p439-x2rh
The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks.
GHSA-9ccp-985w-grj6
PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases.
GHSA-p674-c6w9-wwgg
Insecure directory permissions in RPM distribution for PostgreSQL allows local users to gain privileges by reading a plaintext password file.
GHSA-6j7m-4j6m-84cw
The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.
GHSA-83x8-fwcx-3pmf
Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows remote attackers to cause a denial of service (crash).
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-xcqr-pm35-6p88 Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as a result of an integer overflow. | 1% Низкий | почти 4 года назад | |
| GHSA-5px2-4wrg-vxxc Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment variables for PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service and possibly execute arbitrary code. | 0% Низкий | почти 4 года назад | |
| GHSA-927w-qm35-gg94 Unknown vulnerability in cash_out and possibly other functions in PostgreSQL 7.2.1 and earlier, and possibly later versions before 7.2.3, with unknown impact, based on an invalid integer input which is processed as a different data type, as demonstrated using cash_out(2). | 0% Низкий | почти 4 года назад | |
| GHSA-83mr-c9w5-46g4 Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow. | 1% Низкий | почти 4 года назад | |
| GHSA-m4fw-hwf8-whx3 Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the functions (1) lpad or (2) rpad. | 0% Низкий | почти 4 года назад | |
| GHSA-8w3r-p439-x2rh The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks. | 0% Низкий | почти 4 года назад | |
| GHSA-9ccp-985w-grj6 PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases. | 1% Низкий | почти 4 года назад | |
| GHSA-p674-c6w9-wwgg Insecure directory permissions in RPM distribution for PostgreSQL allows local users to gain privileges by reading a plaintext password file. | 0% Низкий | почти 4 года назад | |
| GHSA-6j7m-4j6m-84cw The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files. | 0% Низкий | почти 4 года назад | |
| GHSA-83x8-fwcx-3pmf Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows remote attackers to cause a denial of service (crash). | 1% Низкий | почти 4 года назад |
Уязвимостей на страницу