PostgreSQL — свободная объектно-реляционная система управления базами данных.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 017
CVE-2015-5289
Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.
BDU:2015-11958
Уязвимости системы управления базами данных PostgreSQL, позволяющие нарушителю вызвать отказ в обслуживании
BDU:2015-11959
Уязвимость системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании или прочитать произвольные участки памяти сервера
CVE-2015-5289
Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.
CVE-2015-5288
The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.
CVE-2015-3165
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
CVE-2015-3165
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9. ...
CVE-2015-3165
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
BDU:2015-10480
Уязвимость системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании
CVE-2015-3167
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2015-5289 Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values. | CVSS2: 6.4 | 10% Низкий | больше 10 лет назад |
 | BDU:2015-11958 Уязвимости системы управления базами данных PostgreSQL, позволяющие нарушителю вызвать отказ в обслуживании | CVSS2: 6.4 | 10% Низкий | больше 10 лет назад |
| BDU:2015-11959 Уязвимость системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании или прочитать произвольные участки памяти сервера | CVSS2: 6.4 | 9% Низкий | больше 10 лет назад |
 | CVE-2015-5289 Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values. | CVSS2: 4.3 | 10% Низкий | больше 10 лет назад |
| CVE-2015-5288 The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt. | CVSS2: 4 | 9% Низкий | больше 10 лет назад |
 | CVE-2015-3165 Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence. | CVSS2: 4.3 | 10% Низкий | почти 11 лет назад |
| CVE-2015-3165 Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9. ... | CVSS2: 4.3 | 10% Низкий | почти 11 лет назад |
| CVE-2015-3165 Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence. | CVSS2: 4.3 | 10% Низкий | почти 11 лет назад |
| BDU:2015-10480 Уязвимость системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании | CVSS2: 4.3 | 10% Низкий | почти 11 лет назад |
| CVE-2015-3167 contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. | CVSS2: 2.6 | 2% Низкий | почти 11 лет назад |
Уязвимостей на страницу