Количество 25
Количество 25
BDU:2023-04767
Уязвимость системы управления базами данных PostgreSQL, связанная с возможностью SQL-инъекций в расширениях, позволяющая нарушителю выполнять произвольный SQL-запрос к базе данных
ROS-20231009-03
Уязвимость PostgreSQL 15
ROS-20231009-01
Уязвимость PostgreSQL 14
ROS-20240329-12
Множественные уязвимости postgresql13
ROS-20240329-11
Множественные уязвимости postgresql
CVE-2023-39417
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
CVE-2023-39417
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
CVE-2023-39417
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
CVE-2023-39417
Postgresql: extension script @substitutions@ within quoting allow sql injection
CVE-2023-39417
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in Po ...
SUSE-SU-2023:3384-1
Security update for postgresql15
SUSE-SU-2023:3348-1
Security update for postgresql15
SUSE-SU-2023:3346-1
Security update for postgresql12
SUSE-SU-2023:3345-1
Security update for postgresql15
SUSE-SU-2023:3344-1
Security update for postgresql15
SUSE-SU-2023:3343-1
Security update for postgresql15
SUSE-SU-2023:3341-1
Security update for postgresql12
GHSA-jx3x-j983-74m3
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
SUSE-SU-2023:3347-1
Security update for postgresql15
SUSE-SU-2023:3342-1
Security update for postgresql15
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2023-04767 Уязвимость системы управления базами данных PostgreSQL, связанная с возможностью SQL-инъекций в расширениях, позволяющая нарушителю выполнять произвольный SQL-запрос к базе данных | CVSS3: 7.5 | 1% Низкий | больше 2 лет назад |
 | ROS-20231009-03 Уязвимость PostgreSQL 15 | CVSS3: 7.5 | 1% Низкий | около 2 лет назад |
| ROS-20231009-01 Уязвимость PostgreSQL 14 | CVSS3: 7.5 | 1% Низкий | около 2 лет назад |
| ROS-20240329-12 Множественные уязвимости postgresql13 | CVSS3: 8.8 | больше 1 года назад | |
| ROS-20240329-11 Множественные уязвимости postgresql | CVSS3: 8.8 | больше 1 года назад | |
 | CVE-2023-39417 IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser. | CVSS3: 7.5 | 1% Низкий | около 2 лет назад |
 | CVE-2023-39417 IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser. | CVSS3: 7.5 | 1% Низкий | около 2 лет назад |
 | CVE-2023-39417 IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser. | CVSS3: 7.5 | 1% Низкий | около 2 лет назад |
 | CVE-2023-39417 Postgresql: extension script @substitutions@ within quoting allow sql injection | CVSS3: 8.8 | 1% Низкий | около 2 лет назад |
| CVE-2023-39417 IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in Po ... | CVSS3: 7.5 | 1% Низкий | около 2 лет назад |
 | SUSE-SU-2023:3384-1 Security update for postgresql15 | 1% Низкий | около 2 лет назад | |
| SUSE-SU-2023:3348-1 Security update for postgresql15 | 1% Низкий | около 2 лет назад | |
| SUSE-SU-2023:3346-1 Security update for postgresql12 | 1% Низкий | около 2 лет назад | |
| SUSE-SU-2023:3345-1 Security update for postgresql15 | 1% Низкий | около 2 лет назад | |
| SUSE-SU-2023:3344-1 Security update for postgresql15 | 1% Низкий | около 2 лет назад | |
| SUSE-SU-2023:3343-1 Security update for postgresql15 | 1% Низкий | около 2 лет назад | |
| SUSE-SU-2023:3341-1 Security update for postgresql12 | 1% Низкий | около 2 лет назад | |
| GHSA-jx3x-j983-74m3 IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser. | CVSS3: 7.5 | 1% Низкий | около 2 лет назад |
| SUSE-SU-2023:3347-1 Security update for postgresql15 | около 2 лет назад | ||
| SUSE-SU-2023:3342-1 Security update for postgresql15 | около 2 лет назад |
Уязвимостей на страницу