PostgreSQL — свободная объектно-реляционная система управления базами данных.
Релизный цикл, информация об уязвимостях
График релизов
Количество 984
GHSA-3c6g-7v4g-5xcm
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
CVE-2024-7348
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
CVE-2024-7348
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in Postgr ...
CVE-2024-7348
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
CVE-2024-7348
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
BDU:2024-06153
Уязвимость утилиты pg_dump системы управления базами данных PostgreSQL, позволяющая нарушителю выполнять произвольный SQL-код
SUSE-SU-2024:2262-3
Security update for postgresql14
SUSE-SU-2024:2262-2
Security update for postgresql14
SUSE-SU-2024:2266-1
Security update for postgresql16
SUSE-SU-2024:2262-1
Security update for postgresql14
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-3c6g-7v4g-5xcm Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected. | CVSS3: 8.8 | 1% Низкий | больше 1 года назад |
 | CVE-2024-7348 Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected. | CVSS3: 8.8 | 1% Низкий | больше 1 года назад |
| CVE-2024-7348 Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in Postgr ... | CVSS3: 8.8 | 1% Низкий | больше 1 года назад |
 | CVE-2024-7348 Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected. | CVSS3: 8.8 | 1% Низкий | больше 1 года назад |
 | CVE-2024-7348 Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected. | CVSS3: 7.5 | 1% Низкий | больше 1 года назад |
 | BDU:2024-06153 Уязвимость утилиты pg_dump системы управления базами данных PostgreSQL, позволяющая нарушителю выполнять произвольный SQL-код | CVSS3: 8.8 | 1% Низкий | больше 1 года назад |
 | SUSE-SU-2024:2262-3 Security update for postgresql14 | 0% Низкий | больше 1 года назад | |
| SUSE-SU-2024:2262-2 Security update for postgresql14 | 0% Низкий | больше 1 года назад | |
| SUSE-SU-2024:2266-1 Security update for postgresql16 | 0% Низкий | больше 1 года назад | |
| SUSE-SU-2024:2262-1 Security update for postgresql14 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу