PostgreSQL — свободная объектно-реляционная система управления базами данных.
Релизный цикл, информация об уязвимостях
График релизов
Количество 970
CVE-2017-15099
INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege.
CVE-2017-15098
Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.
CVE-2017-15098
Invalid json_populate_recordset or jsonb_populate_recordset function c ...
CVE-2017-15098
Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.
BDU:2019-03335
Уязвимость системы управления базами данных PostgreSQL, связанная с возможностью работы под учетной записью операционной системы без полномочий root, позволяющая нарушителю выполнить произвольный код
CVE-2017-8806
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
CVE-2017-8806
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scri ...
CVE-2017-8806
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
BDU:2020-00685
Уязвимость скриптов pg_ctlcluster, pg_createcluster и pg_upgradecluster из пакета postgresql-common система управления базами данных PostgreSQL, позволяющая нарушителю оказать воздействие на целостность данных
CVE-2017-15099
INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2017-15099 INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege. | CVSS3: 6.5 | 34% Средний | больше 7 лет назад |
 | CVE-2017-15098 Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory. | CVSS3: 8.1 | 1% Низкий | больше 7 лет назад |
| CVE-2017-15098 Invalid json_populate_recordset or jsonb_populate_recordset function c ... | CVSS3: 8.1 | 1% Низкий | больше 7 лет назад |
| CVE-2017-15098 Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory. | CVSS3: 8.1 | 1% Низкий | больше 7 лет назад |
 | BDU:2019-03335 Уязвимость системы управления базами данных PostgreSQL, связанная с возможностью работы под учетной записью операционной системы без полномочий root, позволяющая нарушителю выполнить произвольный код | CVSS3: 6.7 | 0% Низкий | больше 7 лет назад |
| CVE-2017-8806 The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files. | CVSS3: 5.5 | 0% Низкий | больше 7 лет назад |
| CVE-2017-8806 The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scri ... | CVSS3: 5.5 | 0% Низкий | больше 7 лет назад |
| CVE-2017-8806 The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files. | CVSS3: 5.5 | 0% Низкий | больше 7 лет назад |
| BDU:2020-00685 Уязвимость скриптов pg_ctlcluster, pg_createcluster и pg_upgradecluster из пакета postgresql-common система управления базами данных PostgreSQL, позволяющая нарушителю оказать воздействие на целостность данных | CVSS3: 5.1 | 0% Низкий | больше 7 лет назад |
 | CVE-2017-15099 INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege. | CVSS3: 3.1 | 34% Средний | больше 7 лет назад |
Уязвимостей на страницу