Количество 11
Количество 11
CVE-2018-10925
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.
CVE-2018-10925
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.
CVE-2018-10925
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.
CVE-2018-10925
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14 ...
GHSA-mr45-mwhc-fw72
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.
BDU:2019-01295
Уязвимость системы управления базами данных PostgreSQL, связанная с ошибками авторизации, позволяющая нарушителю повысить свои привилегии
openSUSE-SU-2018:3449-1
Security update for postgresql96
SUSE-SU-2018:3377-1
Security update for postgresql96
openSUSE-SU-2018:2599-1
Security update for postgresql10
SUSE-SU-2018:2564-1
Security update for postgresql10
openSUSE-SU-2020:1227-1
Security update for postgresql96, postgresql10 and postgresql12
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2018-10925 It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table. | CVSS3: 8.1 | 0% Низкий | около 7 лет назад |
 | CVE-2018-10925 It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table. | CVSS3: 7.1 | 0% Низкий | около 7 лет назад |
 | CVE-2018-10925 It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table. | CVSS3: 8.1 | 0% Низкий | около 7 лет назад |
| CVE-2018-10925 It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14 ... | CVSS3: 8.1 | 0% Низкий | около 7 лет назад |
| GHSA-mr45-mwhc-fw72 It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table. | CVSS3: 8.1 | 0% Низкий | больше 3 лет назад |
 | BDU:2019-01295 Уязвимость системы управления базами данных PostgreSQL, связанная с ошибками авторизации, позволяющая нарушителю повысить свои привилегии | CVSS3: 7.1 | 0% Низкий | около 7 лет назад |
 | openSUSE-SU-2018:3449-1 Security update for postgresql96 | около 7 лет назад | ||
| SUSE-SU-2018:3377-1 Security update for postgresql96 | около 7 лет назад | ||
| openSUSE-SU-2018:2599-1 Security update for postgresql10 | около 7 лет назад | ||
| SUSE-SU-2018:2564-1 Security update for postgresql10 | около 7 лет назад | ||
| openSUSE-SU-2020:1227-1 Security update for postgresql96, postgresql10 and postgresql12 | около 5 лет назад |
Уязвимостей на страницу