PostgreSQL — свободная объектно-реляционная система управления базами данных.
Релизный цикл, информация об уязвимостях
График релизов
Количество 970
CVE-2019-10127
A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. An attacker having only the unprivileged Windows account can read arbitrary data directory files, essentially bypassing database-imposed read access limitations. An attacker having only the unprivileged Windows account can also delete certain data directory files.
CVE-2019-10127
A vulnerability was found in postgresql versions 11.x prior to 11.3. T ...
CVE-2019-10127
A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. An attacker having only the unprivileged Windows account can read arbitrary data directory files, essentially bypassing database-imposed read access limitations. An attacker having only the unprivileged Windows account can also delete certain data directory files.
openSUSE-SU-2021:0423-1
Security update for postgresql12
SUSE-SU-2021:0695-1
Security update for postgresql12
CVE-2021-20229
A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.
CVE-2021-20229
A flaw was found in PostgreSQL in versions before 13.2. This flaw allo ...
CVE-2021-20229
A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.
BDU:2021-01131
Уязвимость системы управления базами данных PostgreSQL, связанная с недостатками механизма авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
SUSE-SU-2021:0544-1
Security update for postgresql12
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2019-10127 A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. An attacker having only the unprivileged Windows account can read arbitrary data directory files, essentially bypassing database-imposed read access limitations. An attacker having only the unprivileged Windows account can also delete certain data directory files. | CVSS3: 8.8 | 0% Низкий | больше 4 лет назад |
| CVE-2019-10127 A vulnerability was found in postgresql versions 11.x prior to 11.3. T ... | CVSS3: 8.8 | 0% Низкий | больше 4 лет назад |
 | CVE-2019-10127 A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. An attacker having only the unprivileged Windows account can read arbitrary data directory files, essentially bypassing database-imposed read access limitations. An attacker having only the unprivileged Windows account can also delete certain data directory files. | CVSS3: 8.8 | 0% Низкий | больше 4 лет назад |
 | openSUSE-SU-2021:0423-1 Security update for postgresql12 | 0% Низкий | больше 4 лет назад | |
| SUSE-SU-2021:0695-1 Security update for postgresql12 | 0% Низкий | больше 4 лет назад | |
| CVE-2021-20229 A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality. | CVSS3: 4.3 | 0% Низкий | больше 4 лет назад |
| CVE-2021-20229 A flaw was found in PostgreSQL in versions before 13.2. This flaw allo ... | CVSS3: 4.3 | 0% Низкий | больше 4 лет назад |
| CVE-2021-20229 A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality. | CVSS3: 4.3 | 0% Низкий | больше 4 лет назад |
 | BDU:2021-01131 Уязвимость системы управления базами данных PostgreSQL, связанная с недостатками механизма авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации | CVSS3: 4.3 | 0% Низкий | больше 4 лет назад |
| SUSE-SU-2021:0544-1 Security update for postgresql12 | 0% Низкий | больше 4 лет назад |
Уязвимостей на страницу