Количество 1 017
Количество 1 017
RLSA-2024:0975
Important: postgresql:13 security update
RLSA-2024:0974
Important: postgresql:12 security update
RLSA-2024:0973
Important: postgresql:15 security update
RLSA-2024:0956
Important: postgresql:10 security update
RLSA-2024:0951
Important: postgresql security update
RLSA-2024:0950
Important: postgresql:15 security update
RLSA-2023:0113
Moderate: postgresql:10 security update
RLSA-2022:7128
Moderate: postgresql:12 security update
RLSA-2022:4855
Important: postgresql:13 security update
RLSA-2022:4807
Important: postgresql:12 security update
RLSA-2022:4805
Important: postgresql:10 security update
RLSA-2022:4771
Important: postgresql security update
RLSA-2022:1891
Low: libpq security update
GHSA-xvhg-pwg9-qp4r
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.
GHSA-xr8v-mf39-c8v7
PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service (server crash) via a crafted SET SESSION AUTHORIZATION command, a different vulnerability than CVE-2006-0553.
GHSA-xmm7-85wh-j3jf
Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL.
GHSA-xj65-3378-xxg3
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.
GHSA-xgxp-9x8p-gcw4
SQL Injection
GHSA-xg92-g8h7-v7r4
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
GHSA-xcqr-pm35-6p88
Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as a result of an integer overflow.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | RLSA-2024:0975 Important: postgresql:13 security update | 1% Низкий | около 2 лет назад | |
| RLSA-2024:0974 Important: postgresql:12 security update | 1% Низкий | 8 месяцев назад | |
| RLSA-2024:0973 Important: postgresql:15 security update | 1% Низкий | около 2 лет назад | |
| RLSA-2024:0956 Important: postgresql:10 security update | 1% Низкий | около 2 лет назад | |
| RLSA-2024:0951 Important: postgresql security update | 1% Низкий | почти 2 года назад | |
| RLSA-2024:0950 Important: postgresql:15 security update | 1% Низкий | около 2 лет назад | |
| RLSA-2023:0113 Moderate: postgresql:10 security update | 1% Низкий | около 3 лет назад | |
| RLSA-2022:7128 Moderate: postgresql:12 security update | 1% Низкий | больше 3 лет назад | |
| RLSA-2022:4855 Important: postgresql:13 security update | 2% Низкий | почти 4 года назад | |
| RLSA-2022:4807 Important: postgresql:12 security update | 2% Низкий | почти 4 года назад | |
| RLSA-2022:4805 Important: postgresql:10 security update | 2% Низкий | почти 4 года назад | |
| RLSA-2022:4771 Important: postgresql security update | 2% Низкий | почти 4 года назад | |
| RLSA-2022:1891 Low: libpq security update | 0% Низкий | почти 4 года назад | |
| GHSA-xvhg-pwg9-qp4r PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation. | CVSS3: 9.8 | 1% Низкий | почти 4 года назад |
| GHSA-xr8v-mf39-c8v7 PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service (server crash) via a crafted SET SESSION AUTHORIZATION command, a different vulnerability than CVE-2006-0553. | 0% Низкий | почти 4 года назад | |
| GHSA-xmm7-85wh-j3jf Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL. | CVSS3: 5.9 | 0% Низкий | больше 3 лет назад |
| GHSA-xj65-3378-xxg3 contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. | CVSS3: 7.5 | 2% Низкий | почти 4 года назад |
| GHSA-xgxp-9x8p-gcw4 SQL Injection | CVSS3: 8.8 | 23% Средний | около 4 лет назад |
| GHSA-xg92-g8h7-v7r4 The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files. | CVSS3: 5.5 | 0% Низкий | почти 4 года назад |
| GHSA-xcqr-pm35-6p88 Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as a result of an integer overflow. | 1% Низкий | почти 4 года назад |
Уязвимостей на страницу