PostgreSQL — свободная объектно-реляционная система управления базами данных.
Релизный цикл, информация об уязвимостях
График релизов
Количество 974
CVE-2016-3065
The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted bytea value in a BRIN index page.
CVE-2016-0773
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.
CVE-2016-0773
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9. ...
CVE-2016-0766
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.
CVE-2016-0766
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9. ...
CVE-2016-0773
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.
CVE-2016-0766
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.
BDU:2016-00663
Уязвимость операционных систем Debian GNU/Linux и Ubuntu, системы управления базами данных PostgreSQL, позволяющая нарушителю повысить свои привилегии
BDU:2016-00662
Уязвимость операционных систем Debian GNU/Linux и Ubuntu, системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании
CVE-2016-0773
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2016-3065 The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted bytea value in a BRIN index page. | CVSS2: 4.9 | 1% Низкий | больше 9 лет назад |
 | CVE-2016-0773 PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression. | CVSS3: 7.5 | 7% Низкий | больше 9 лет назад |
| CVE-2016-0773 PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9. ... | CVSS3: 7.5 | 7% Низкий | больше 9 лет назад |
| CVE-2016-0766 PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors. | CVSS3: 8.8 | 1% Низкий | больше 9 лет назад |
| CVE-2016-0766 PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9. ... | CVSS3: 8.8 | 1% Низкий | больше 9 лет назад |
 | CVE-2016-0773 PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression. | CVSS3: 7.5 | 7% Низкий | больше 9 лет назад |
| CVE-2016-0766 PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors. | CVSS3: 8.8 | 1% Низкий | больше 9 лет назад |
 | BDU:2016-00663 Уязвимость операционных систем Debian GNU/Linux и Ubuntu, системы управления базами данных PostgreSQL, позволяющая нарушителю повысить свои привилегии | CVSS2: 9 | 1% Низкий | больше 9 лет назад |
| BDU:2016-00662 Уязвимость операционных систем Debian GNU/Linux и Ubuntu, системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании | CVSS2: 5 | 7% Низкий | больше 9 лет назад |
| CVE-2016-0773 PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression. | CVSS2: 6.8 | 7% Низкий | больше 9 лет назад |
Уязвимостей на страницу