Количество 39
Количество 39
BDU:2024-06153
Уязвимость утилиты pg_dump системы управления базами данных PostgreSQL, позволяющая нарушителю выполнять произвольный SQL-код
ROS-20240911-22
Уязвимость postgresql13
ROS-20240911-21
Уязвимость postgresql14
ROS-20240911-20
Уязвимость postgresql15
ROS-20240911-19
Уязвимость postgresql16
ROS-20240911-18
Уязвимость postgresql-1c
ROS-20240911-17
Уязвимость postgresql15-1c
ROS-20240911-02
Уязвимость postgresql
CVE-2024-7348
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
CVE-2024-7348
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
CVE-2024-7348
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
CVE-2024-7348
CVE-2024-7348
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in Postgr ...
SUSE-SU-2024:3224-1
Security update for postgresql16
SUSE-SU-2024:3192-1
Security update for postgresql16
SUSE-SU-2024:3191-1
Security update for postgresql16
SUSE-SU-2024:3181-1
Security update for postgresql16
SUSE-SU-2024:3171-1
Security update for postgresql16
SUSE-SU-2024:3170-1
Security update for postgresql16
SUSE-SU-2024:3169-1
Security update for postgresql16
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2024-06153 Уязвимость утилиты pg_dump системы управления базами данных PostgreSQL, позволяющая нарушителю выполнять произвольный SQL-код | CVSS3: 8.8 | 0% Низкий | 11 месяцев назад |
 | ROS-20240911-22 Уязвимость postgresql13 | CVSS3: 8.8 | 0% Низкий | 9 месяцев назад |
| ROS-20240911-21 Уязвимость postgresql14 | CVSS3: 8.8 | 0% Низкий | 9 месяцев назад |
| ROS-20240911-20 Уязвимость postgresql15 | CVSS3: 8.8 | 0% Низкий | 9 месяцев назад |
| ROS-20240911-19 Уязвимость postgresql16 | CVSS3: 8.8 | 0% Низкий | 9 месяцев назад |
| ROS-20240911-18 Уязвимость postgresql-1c | CVSS3: 8.8 | 0% Низкий | 9 месяцев назад |
| ROS-20240911-17 Уязвимость postgresql15-1c | CVSS3: 8.8 | 0% Низкий | 9 месяцев назад |
| ROS-20240911-02 Уязвимость postgresql | CVSS3: 8.8 | 0% Низкий | 9 месяцев назад |
 | CVE-2024-7348 Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected. | CVSS3: 8.8 | 0% Низкий | 10 месяцев назад |
 | CVE-2024-7348 Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected. | CVSS3: 7.5 | 0% Низкий | 11 месяцев назад |
 | CVE-2024-7348 Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected. | CVSS3: 8.8 | 0% Низкий | 10 месяцев назад |
 | CVSS3: 7.5 | 0% Низкий | 10 месяцев назад | |
| CVE-2024-7348 Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in Postgr ... | CVSS3: 8.8 | 0% Низкий | 10 месяцев назад |
 | SUSE-SU-2024:3224-1 Security update for postgresql16 | 0% Низкий | 9 месяцев назад | |
| SUSE-SU-2024:3192-1 Security update for postgresql16 | 0% Низкий | 9 месяцев назад | |
| SUSE-SU-2024:3191-1 Security update for postgresql16 | 0% Низкий | 9 месяцев назад | |
| SUSE-SU-2024:3181-1 Security update for postgresql16 | 0% Низкий | 9 месяцев назад | |
| SUSE-SU-2024:3171-1 Security update for postgresql16 | 0% Низкий | 9 месяцев назад | |
| SUSE-SU-2024:3170-1 Security update for postgresql16 | 0% Низкий | 9 месяцев назад | |
| SUSE-SU-2024:3169-1 Security update for postgresql16 | 0% Низкий | 9 месяцев назад |
Уязвимостей на страницу