PostgreSQL — свободная объектно-реляционная система управления базами данных.
Релизный цикл, информация об уязвимостях
График релизов
Количество 970
CVE-2017-7547
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.
CVE-2017-7546
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.
CVE-2017-7548
PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service.
CVE-2017-7546
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.
CVE-2017-7547
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.
CVE-2017-7548
PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service.
CVE-2016-0768
PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.
CVE-2016-0768
PostgreSQL PL/Java after 9.0 does not honor access controls on large o ...
CVE-2016-0768
PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.
CVE-2017-7486
PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2017-7547 PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so. | CVSS3: 8.8 | 1% Низкий | почти 8 лет назад |
| CVE-2017-7546 PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password. | CVSS3: 9.8 | 30% Средний | почти 8 лет назад |
| CVE-2017-7548 PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service. | CVSS3: 7.5 | 1% Низкий | почти 8 лет назад |
 | CVE-2017-7546 PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password. | CVSS3: 5.6 | 30% Средний | почти 8 лет назад |
| CVE-2017-7547 PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so. | CVSS3: 7.5 | 1% Низкий | почти 8 лет назад |
| CVE-2017-7548 PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service. | CVSS3: 5.4 | 1% Низкий | почти 8 лет назад |
 | CVE-2016-0768 PostgreSQL PL/Java after 9.0 does not honor access controls on large objects. | CVSS3: 7.5 | 0% Низкий | около 8 лет назад |
| CVE-2016-0768 PostgreSQL PL/Java after 9.0 does not honor access controls on large o ... | CVSS3: 7.5 | 0% Низкий | около 8 лет назад |
| CVE-2016-0768 PostgreSQL PL/Java after 9.0 does not honor access controls on large objects. | CVSS3: 7.5 | 0% Низкий | около 8 лет назад |
| CVE-2017-7486 PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server. | CVSS3: 7.5 | 5% Низкий | около 8 лет назад |
Уязвимостей на страницу