Количество 28
Количество 28
BDU:2024-09682
Уязвимость компонента libpq системы управления базами данных PostgreSQL, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить атаку типа «человек посередине»
ROS-20241211-08
Множественные уязвимости postgresql15-1c
ROS-20241211-07
Множественные уязвимости postgresql-1c
ROS-20241211-06
Множественные уязвимости postgresql16
ROS-20241211-05
Множественные уязвимости postgresql15
ROS-20241211-04
Множественные уязвимости postgresql14
ROS-20241211-03
Множественные уязвимости postgresql13
ROS-20241211-02
Множественные уязвимости postgresql
CVE-2024-10977
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
CVE-2024-10977
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
CVE-2024-10977
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
CVE-2024-10977
CVE-2024-10977
Client use of server error message in PostgreSQL allows a server not t ...
GHSA-62q4-hc79-94qj
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
SUSE-SU-2025:01799-1
Security update for postgresql, postgresql16, postgresql17
SUSE-SU-2024:4176-1
Security update for postgresql14
SUSE-SU-2024:4175-1
Security update for postgresql13
SUSE-SU-2024:4174-1
Security update for postgresql15
SUSE-SU-2024:4173-1
Security update for postgresql, postgresql16, postgresql17
SUSE-SU-2024:4118-1
Security update for postgresql14
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2024-09682 Уязвимость компонента libpq системы управления базами данных PostgreSQL, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить атаку типа «человек посередине» | CVSS3: 3.1 | 0% Низкий | 7 месяцев назад |
 | ROS-20241211-08 Множественные уязвимости postgresql15-1c | CVSS3: 8.8 | 6 месяцев назад | |
| ROS-20241211-07 Множественные уязвимости postgresql-1c | CVSS3: 8.8 | 6 месяцев назад | |
| ROS-20241211-06 Множественные уязвимости postgresql16 | CVSS3: 8.8 | 6 месяцев назад | |
| ROS-20241211-05 Множественные уязвимости postgresql15 | CVSS3: 8.8 | 6 месяцев назад | |
| ROS-20241211-04 Множественные уязвимости postgresql14 | CVSS3: 8.8 | 6 месяцев назад | |
| ROS-20241211-03 Множественные уязвимости postgresql13 | CVSS3: 8.8 | 6 месяцев назад | |
| ROS-20241211-02 Множественные уязвимости postgresql | CVSS3: 8.8 | 6 месяцев назад | |
 | CVE-2024-10977 Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. | CVSS3: 3.1 | 0% Низкий | 7 месяцев назад |
 | CVE-2024-10977 Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. | CVSS3: 3.1 | 0% Низкий | 7 месяцев назад |
 | CVE-2024-10977 Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. | CVSS3: 3.1 | 0% Низкий | 7 месяцев назад |
 | CVSS3: 3.7 | 0% Низкий | 4 месяца назад | |
| CVE-2024-10977 Client use of server error message in PostgreSQL allows a server not t ... | CVSS3: 3.1 | 0% Низкий | 7 месяцев назад |
| GHSA-62q4-hc79-94qj Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. | CVSS3: 3.1 | 0% Низкий | 7 месяцев назад |
 | SUSE-SU-2025:01799-1 Security update for postgresql, postgresql16, postgresql17 | 17 дней назад | ||
| SUSE-SU-2024:4176-1 Security update for postgresql14 | 7 месяцев назад | ||
| SUSE-SU-2024:4175-1 Security update for postgresql13 | 7 месяцев назад | ||
| SUSE-SU-2024:4174-1 Security update for postgresql15 | 7 месяцев назад | ||
| SUSE-SU-2024:4173-1 Security update for postgresql, postgresql16, postgresql17 | 7 месяцев назад | ||
| SUSE-SU-2024:4118-1 Security update for postgresql14 | 7 месяцев назад |
Уязвимостей на страницу