Логотип exploitDog
product: "postgresql"
Консоль
Логотип exploitDog

exploitDog

product: "postgresql"
PostgreSQL

PostgreSQLсвободная объектно-реляционная система управления базами данных.

Релизный цикл, информация об уязвимостях

Продукт: PostgreSQL
Вендор: PostgreSQL

График релизов

131415161720202021202220232024202520262027202820292030

Недавние уязвимости PostgreSQL

Количество 970

nvd логотип

CVE-2024-4317

около 1 года назад

Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute. Installing an unaffected version only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after installing that version. Current PostgreSQL installations will remain vulnerable until they follow the instructions in the release notes. Within major versions 14-16, minor versions before PostgreSQL 16.3, 15.7, and 14.12 are affected. Versions before PostgreSQL 14 are unaffected.

CVSS3: 3.1
EPSS: Низкий
ubuntu логотип

CVE-2024-4317

около 1 года назад

Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute. Installing an unaffected version only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after installing that version. Current PostgreSQL installations will remain vulnerable until they follow the instructions in the release notes. Within major versions 14-16, minor versions before PostgreSQL 16.3, 15.7, and 14.12 are affected. Versions before PostgreSQL 14 are unaffected.

CVSS3: 3.1
EPSS: Низкий
rocky логотип

RLSA-2024:0951

около 1 года назад

Important: postgresql security update

EPSS: Низкий
redhat логотип

CVE-2024-4317

около 1 года назад

Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute. Installing an unaffected version only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after installing that version. Current PostgreSQL installations will remain vulnerable until they follow the instructions in the release notes. Within major versions 14-16, minor versions before PostgreSQL 16.3, 15.7, and 14.12 are affected. Versions before PostgreSQL 14 are unaffected.

CVSS3: 3.1
EPSS: Низкий
fstec логотип

BDU:2024-03569

около 1 года назад

Уязвимость системных представлений pg_stats_ext, pg_stats_ext_exprs СУБД PostgreSQL, позволяющая нарушителю повысить свои привилегии

CVSS3: 3.1
EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2024:0552-1

больше 1 года назад

Security update for postgresql14

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2024:0551-1

больше 1 года назад

Security update for postgresql15

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2024:0550-1

больше 1 года назад

Security update for postgresql16

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2024:0546-1

больше 1 года назад

Security update for postgresql16

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2024:0542-1

больше 1 года назад

Security update for postgresql12

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
nvd логотип
CVE-2024-4317

Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute. Installing an unaffected version only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after installing that version. Current PostgreSQL installations will remain vulnerable until they follow the instructions in the release notes. Within major versions 14-16, minor versions before PostgreSQL 16.3, 15.7, and 14.12 are affected. Versions before PostgreSQL 14 are unaffected.

CVSS3: 3.1
0%
Низкий
около 1 года назад
ubuntu логотип
CVE-2024-4317

Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute. Installing an unaffected version only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after installing that version. Current PostgreSQL installations will remain vulnerable until they follow the instructions in the release notes. Within major versions 14-16, minor versions before PostgreSQL 16.3, 15.7, and 14.12 are affected. Versions before PostgreSQL 14 are unaffected.

CVSS3: 3.1
0%
Низкий
около 1 года назад
rocky логотип
RLSA-2024:0951

Important: postgresql security update

0%
Низкий
около 1 года назад
redhat логотип
CVE-2024-4317

Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute. Installing an unaffected version only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after installing that version. Current PostgreSQL installations will remain vulnerable until they follow the instructions in the release notes. Within major versions 14-16, minor versions before PostgreSQL 16.3, 15.7, and 14.12 are affected. Versions before PostgreSQL 14 are unaffected.

CVSS3: 3.1
0%
Низкий
около 1 года назад
fstec логотип
BDU:2024-03569

Уязвимость системных представлений pg_stats_ext, pg_stats_ext_exprs СУБД PostgreSQL, позволяющая нарушителю повысить свои привилегии

CVSS3: 3.1
0%
Низкий
около 1 года назад
suse-cvrf логотип
SUSE-SU-2024:0552-1

Security update for postgresql14

0%
Низкий
больше 1 года назад
suse-cvrf логотип
SUSE-SU-2024:0551-1

Security update for postgresql15

0%
Низкий
больше 1 года назад
suse-cvrf логотип
SUSE-SU-2024:0550-1

Security update for postgresql16

0%
Низкий
больше 1 года назад
suse-cvrf логотип
SUSE-SU-2024:0546-1

Security update for postgresql16

0%
Низкий
больше 1 года назад
suse-cvrf логотип
SUSE-SU-2024:0542-1

Security update for postgresql12

0%
Низкий
больше 1 года назад

Уязвимостей на страницу


Поделиться