PostgreSQL — свободная объектно-реляционная система управления базами данных.
Релизный цикл, информация об уязвимостях
График релизов
Количество 984
CVE-2021-23222
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.
CVE-2021-23222
A man-in-the-middle attacker can inject false responses to the client' ...
CVE-2021-3677
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting.
CVE-2021-23222
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.
GHSA-6v9v-3f4c-cjgx
Untrusted Search Path in PostgreSQL
GHSA-xgxp-9x8p-gcw4
SQL Injection
GHSA-vmm8-82m2-pcp5
Use of a Broken or Risky Cryptographic Algorithm in PostgreSQL
GHSA-rf5r-cr88-cr97
Generation of Error Message Containing Sensitive Information in postgresql
GHSA-43rr-wcj9-h45w
Incorrect Authorization in PostgreSQL
GHSA-rfp5-6w27-jrq7
Incorrect Comparison, Permissive List of Allowed Inputs, and Privilege Context Switching Error in PostgreSQL
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2021-23222 A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. | CVSS3: 5.9 | 0% Низкий | почти 4 года назад |
| CVE-2021-23222 A man-in-the-middle attacker can inject false responses to the client' ... | CVSS3: 5.9 | 0% Низкий | почти 4 года назад |
 | CVE-2021-3677 A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting. | CVSS3: 6.5 | 0% Низкий | почти 4 года назад |
| CVE-2021-23222 A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. | CVSS3: 5.9 | 0% Низкий | почти 4 года назад |
| GHSA-6v9v-3f4c-cjgx Untrusted Search Path in PostgreSQL | CVSS3: 7.3 | 0% Низкий | почти 4 года назад |
| GHSA-xgxp-9x8p-gcw4 SQL Injection | CVSS3: 8.8 | 25% Средний | почти 4 года назад |
| GHSA-vmm8-82m2-pcp5 Use of a Broken or Risky Cryptographic Algorithm in PostgreSQL | CVSS3: 8.1 | 0% Низкий | почти 4 года назад |
| GHSA-rf5r-cr88-cr97 Generation of Error Message Containing Sensitive Information in postgresql | CVSS3: 4.3 | 0% Низкий | почти 4 года назад |
| GHSA-43rr-wcj9-h45w Incorrect Authorization in PostgreSQL | CVSS3: 4.3 | 0% Низкий | почти 4 года назад |
| GHSA-rfp5-6w27-jrq7 Incorrect Comparison, Permissive List of Allowed Inputs, and Privilege Context Switching Error in PostgreSQL | CVSS3: 7.5 | 0% Низкий | почти 4 года назад |
Уязвимостей на страницу