PostgreSQL — свободная объектно-реляционная система управления базами данных.
Релизный цикл, информация об уязвимостях
График релизов
Количество 974
CVE-2021-23222
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.
CVE-2021-23222
A man-in-the-middle attacker can inject false responses to the client' ...
CVE-2021-23222
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.
CVE-2021-3677
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting.
GHSA-vmm8-82m2-pcp5
Use of a Broken or Risky Cryptographic Algorithm in PostgreSQL
GHSA-xgxp-9x8p-gcw4
SQL Injection
GHSA-6v9v-3f4c-cjgx
Untrusted Search Path in PostgreSQL
GHSA-rf5r-cr88-cr97
Generation of Error Message Containing Sensitive Information in postgresql
GHSA-43rr-wcj9-h45w
Incorrect Authorization in PostgreSQL
GHSA-rfp5-6w27-jrq7
Incorrect Comparison, Permissive List of Allowed Inputs, and Privilege Context Switching Error in PostgreSQL
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2021-23222 A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. | CVSS3: 5.9 | 0% Низкий | больше 3 лет назад |
| CVE-2021-23222 A man-in-the-middle attacker can inject false responses to the client' ... | CVSS3: 5.9 | 0% Низкий | больше 3 лет назад |
 | CVE-2021-23222 A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. | CVSS3: 5.9 | 0% Низкий | больше 3 лет назад |
| CVE-2021-3677 A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting. | CVSS3: 6.5 | 0% Низкий | больше 3 лет назад |
| GHSA-vmm8-82m2-pcp5 Use of a Broken or Risky Cryptographic Algorithm in PostgreSQL | CVSS3: 8.1 | 0% Низкий | больше 3 лет назад |
| GHSA-xgxp-9x8p-gcw4 SQL Injection | CVSS3: 8.8 | 23% Средний | больше 3 лет назад |
| GHSA-6v9v-3f4c-cjgx Untrusted Search Path in PostgreSQL | CVSS3: 7.3 | 0% Низкий | больше 3 лет назад |
| GHSA-rf5r-cr88-cr97 Generation of Error Message Containing Sensitive Information in postgresql | CVSS3: 4.3 | 0% Низкий | больше 3 лет назад |
| GHSA-43rr-wcj9-h45w Incorrect Authorization in PostgreSQL | CVSS3: 4.3 | 0% Низкий | больше 3 лет назад |
| GHSA-rfp5-6w27-jrq7 Incorrect Comparison, Permissive List of Allowed Inputs, and Privilege Context Switching Error in PostgreSQL | CVSS3: 7.5 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу