PostgreSQL — свободная объектно-реляционная система управления базами данных.
Релизный цикл, информация об уязвимостях
График релизов
Количество 974
SUSE-SU-2019:2158-1
Security update for postgresql94
openSUSE-SU-2019:2062-1
Security update for postgresql10
SUSE-SU-2019:2228-1
Security update for postgresql10
CVE-2019-10209
Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.
CVE-2019-10210
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file.
CVE-2019-10208
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.
CVE-2019-10211
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory.
BDU:2019-02917
Уязвимость инсталлятора Windows EnterpriseDB системы управления базами данных PostgreSQL, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
CVE-2019-3800
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.
SUSE-SU-2019:1783-2
Security update for postgresql10
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | SUSE-SU-2019:2158-1 Security update for postgresql94 | 0% Низкий | около 6 лет назад | |
| openSUSE-SU-2019:2062-1 Security update for postgresql10 | 0% Низкий | около 6 лет назад | |
| SUSE-SU-2019:2228-1 Security update for postgresql10 | 0% Низкий | около 6 лет назад | |
 | CVE-2019-10209 Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan. | CVSS3: 3.1 | 0% Низкий | больше 6 лет назад |
| CVE-2019-10210 Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file. | CVSS3: 6.7 | 0% Низкий | больше 6 лет назад |
| CVE-2019-10208 A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. | CVSS3: 7.5 | 0% Низкий | больше 6 лет назад |
| CVE-2019-10211 Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory. | CVSS3: 7.8 | 1% Низкий | больше 6 лет назад |
 | BDU:2019-02917 Уязвимость инсталлятора Windows EnterpriseDB системы управления базами данных PostgreSQL, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации | CVSS3: 4.4 | 1% Низкий | больше 6 лет назад |
 | CVE-2019-3800 CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials. | CVSS3: 6.3 | 0% Низкий | больше 6 лет назад |
| SUSE-SU-2019:1783-2 Security update for postgresql10 | 5% Низкий | больше 6 лет назад |
Уязвимостей на страницу