Количество 11
Количество 11
GHSA-mr45-mwhc-fw72
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.
CVE-2018-10925
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.
CVE-2018-10925
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.
CVE-2018-10925
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.
CVE-2018-10925
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14 ...
BDU:2019-01295
Уязвимость системы управления базами данных PostgreSQL, связанная с ошибками авторизации, позволяющая нарушителю повысить свои привилегии
openSUSE-SU-2018:3449-1
Security update for postgresql96
SUSE-SU-2018:3377-1
Security update for postgresql96
openSUSE-SU-2018:2599-1
Security update for postgresql10
SUSE-SU-2018:2564-1
Security update for postgresql10
openSUSE-SU-2020:1227-1
Security update for postgresql96, postgresql10 and postgresql12
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-mr45-mwhc-fw72 It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table. | CVSS3: 8.1 | 1% Низкий | около 3 лет назад |
 | CVE-2018-10925 It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table. | CVSS3: 8.1 | 1% Низкий | почти 7 лет назад |
 | CVE-2018-10925 It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table. | CVSS3: 7.1 | 1% Низкий | почти 7 лет назад |
 | CVE-2018-10925 It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table. | CVSS3: 8.1 | 1% Низкий | почти 7 лет назад |
| CVE-2018-10925 It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14 ... | CVSS3: 8.1 | 1% Низкий | почти 7 лет назад |
 | BDU:2019-01295 Уязвимость системы управления базами данных PostgreSQL, связанная с ошибками авторизации, позволяющая нарушителю повысить свои привилегии | CVSS3: 7.1 | 1% Низкий | почти 7 лет назад |
 | openSUSE-SU-2018:3449-1 Security update for postgresql96 | больше 6 лет назад | ||
| SUSE-SU-2018:3377-1 Security update for postgresql96 | больше 6 лет назад | ||
| openSUSE-SU-2018:2599-1 Security update for postgresql10 | почти 7 лет назад | ||
| SUSE-SU-2018:2564-1 Security update for postgresql10 | почти 7 лет назад | ||
| openSUSE-SU-2020:1227-1 Security update for postgresql96, postgresql10 and postgresql12 | почти 5 лет назад |
Уязвимостей на страницу