PostgreSQL — свободная объектно-реляционная система управления базами данных.
Релизный цикл, информация об уязвимостях
График релизов
Количество 984
BDU:2020-05466
Уязвимость реализации мета-команды «gset» системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольный код
BDU:2020-05467
Уязвимость компонента client системы управления базами данных PostgreSQL, позволяющая нарушителю реализовать атаку типа «человек посередине»
CVE-2020-10733
The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer's administrative rights.
CVE-2020-10733
The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided ...
CVE-2020-14350
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
CVE-2020-14350
It was found that some PostgreSQL extensions did not use search_path s ...
CVE-2020-14349
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.
CVE-2020-14349
It was found that PostgreSQL versions before 12.4, before 11.9 and bef ...
CVE-2020-14350
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
CVE-2020-14349
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2020-05466 Уязвимость реализации мета-команды «gset» системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольный код | CVSS3: 8.1 | 0% Низкий | около 5 лет назад |
| BDU:2020-05467 Уязвимость компонента client системы управления базами данных PostgreSQL, позволяющая нарушителю реализовать атаку типа «человек посередине» | CVSS3: 9.8 | 0% Низкий | около 5 лет назад |
 | CVE-2020-10733 The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer's administrative rights. | CVSS3: 7.3 | 0% Низкий | больше 5 лет назад |
| CVE-2020-10733 The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided ... | CVSS3: 7.3 | 0% Низкий | больше 5 лет назад |
| CVE-2020-14350 It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. | CVSS3: 7.3 | 0% Низкий | больше 5 лет назад |
| CVE-2020-14350 It was found that some PostgreSQL extensions did not use search_path s ... | CVSS3: 7.3 | 0% Низкий | больше 5 лет назад |
| CVE-2020-14349 It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication. | CVSS3: 7.1 | 2% Низкий | больше 5 лет назад |
| CVE-2020-14349 It was found that PostgreSQL versions before 12.4, before 11.9 and bef ... | CVSS3: 7.1 | 2% Низкий | больше 5 лет назад |
 | CVE-2020-14350 It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. | CVSS3: 7.3 | 0% Низкий | больше 5 лет назад |
| CVE-2020-14349 It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication. | CVSS3: 7.1 | 2% Низкий | больше 5 лет назад |
Уязвимостей на страницу