Count: 970

Vulnerability | CVSS | EPSS | Published
---|---|---|---
SUSE-SU-2023:3343-1 Security update for postgresql15 | | 1% Low | almost 2 years ago
SUSE-SU-2023:3341-1 Security update for postgresql12 | | 1% Low | almost 2 years ago
SUSE-SU-2021:0695-1 Security update for postgresql12 | | 0% Low | more than 4 years ago
SUSE-SU-2021:0544-1 Security update for postgresql12 | | 0% Low | more than 4 years ago
SUSE-SU-2018:0876-1 Security update for postgresql94 | | 82% High | more than 7 years ago
SUSE-SU-2018:0756-1 Security update for postgresql96 | | 82% High | more than 7 years ago
SUSE-SU-2018:0755-1 Security update for postgresql94 | | 82% High | more than 7 years ago
SUSE-SU-2018:0675-1 Security update for postgresql94 | | 0% Low | more than 7 years ago
SUSE-SU-2018:0507-1 Security update for postgresql96 | | 0% Low | more than 7 years ago
SUSE-SU-2018:0506-1 Security update for postgresql94 | | 0% Low | more than 7 years ago
RLSA-2022:1830 Moderate: postgresql:10 security update | | 0% Low | more than 3 years ago
GHSA-x3q3-v77f-cg26 The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression. | | 1% Low | more than 3 years ago
GHSA-wj3f-f94q-2r98 A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected. | CVSS3: 8.8 | 82% High | about 3 years ago
GHSA-wcfv-hw89-j2wx The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request. | | 2% Low | about 3 years ago
GHSA-vvfr-p62m-9frc The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. | | 0% Low | more than 3 years ago
GHSA-rf5r-cr88-cr97 Generation of Error Message Containing Sensitive Information in postgresql | CVSS3: 4.3 | 0% Low | more than 3 years ago
GHSA-r822-pwxw-5qc9 Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states. | | 1% Low | more than 3 years ago
GHSA-r7p3-79xh-j7pg Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. | CVSS3: 5.4 | 0% Low | about 2 years ago
GHSA-jx3x-j983-74m3 IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser. | CVSS3: 7.5 | 1% Low | about 2 years ago
GHSA-h86w-m5rm-xr33 Unescaped parameters in the PostgreSQL JDBC driver | | 1% Low | about 3 years ago