PostgreSQL — свободная объектно-реляционная система управления базами данных.
Релизный цикл, информация об уязвимостях
График релизов
Количество 970

CVE-2019-10211
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory.

CVE-2019-10209
Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.

CVE-2019-10210
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file.

BDU:2019-02917
Уязвимость инсталлятора Windows EnterpriseDB системы управления базами данных PostgreSQL, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

CVE-2019-3800
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.

SUSE-SU-2019:1783-2
Security update for postgresql10

CVE-2019-10130
A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.
CVE-2019-10130
A vulnerability was found in PostgreSQL versions 11.x up to excluding ...

CVE-2019-10129
A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052).
CVE-2019-10129
A vulnerability was found in postgresql versions 11.x prior to 11.3. U ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
---|---|---|---|---|
![]() | CVE-2019-10211 Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory. | CVSS3: 7.8 | 2% Низкий | почти 6 лет назад |
![]() | CVE-2019-10209 Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan. | CVSS3: 3.1 | 0% Низкий | почти 6 лет назад |
![]() | CVE-2019-10210 Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file. | CVSS3: 6.7 | 0% Низкий | почти 6 лет назад |
![]() | BDU:2019-02917 Уязвимость инсталлятора Windows EnterpriseDB системы управления базами данных PostgreSQL, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации | CVSS3: 4.4 | 2% Низкий | почти 6 лет назад |
![]() | CVE-2019-3800 CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials. | CVSS3: 6.3 | 0% Низкий | почти 6 лет назад |
![]() | SUSE-SU-2019:1783-2 Security update for postgresql10 | 5% Низкий | почти 6 лет назад | |
![]() | CVE-2019-10130 A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker. | CVSS3: 4.3 | 0% Низкий | около 6 лет назад |
CVE-2019-10130 A vulnerability was found in PostgreSQL versions 11.x up to excluding ... | CVSS3: 4.3 | 0% Низкий | около 6 лет назад | |
![]() | CVE-2019-10129 A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052). | CVSS3: 6.5 | 0% Низкий | около 6 лет назад |
CVE-2019-10129 A vulnerability was found in postgresql versions 11.x prior to 11.3. U ... | CVSS3: 6.5 | 0% Низкий | около 6 лет назад |
Уязвимостей на страницу