Количество 11
Количество 11
CVE-2018-10925
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.
CVE-2018-10925
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.
CVE-2018-10925
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.
CVE-2018-10925
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14 ...
GHSA-mr45-mwhc-fw72
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.
BDU:2019-01295
Уязвимость системы управления базами данных PostgreSQL, связанная с ошибками авторизации, позволяющая нарушителю повысить свои привилегии
openSUSE-SU-2018:3449-1
Security update for postgresql96
SUSE-SU-2018:3377-1
Security update for postgresql96
openSUSE-SU-2018:2599-1
Security update for postgresql10
SUSE-SU-2018:2564-1
Security update for postgresql10
openSUSE-SU-2020:1227-1
Security update for postgresql96, postgresql10 and postgresql12
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2018-10925 It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table. | CVSS3: 8.1 | 0% Низкий | больше 7 лет назад |
 | CVE-2018-10925 It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table. | CVSS3: 7.1 | 0% Низкий | больше 7 лет назад |
 | CVE-2018-10925 It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table. | CVSS3: 8.1 | 0% Низкий | больше 7 лет назад |
| CVE-2018-10925 It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14 ... | CVSS3: 8.1 | 0% Низкий | больше 7 лет назад |
| GHSA-mr45-mwhc-fw72 It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table. | CVSS3: 8.1 | 0% Низкий | больше 3 лет назад |
 | BDU:2019-01295 Уязвимость системы управления базами данных PostgreSQL, связанная с ошибками авторизации, позволяющая нарушителю повысить свои привилегии | CVSS3: 7.1 | 0% Низкий | больше 7 лет назад |
 | openSUSE-SU-2018:3449-1 Security update for postgresql96 | около 7 лет назад | ||
| SUSE-SU-2018:3377-1 Security update for postgresql96 | около 7 лет назад | ||
| openSUSE-SU-2018:2599-1 Security update for postgresql10 | больше 7 лет назад | ||
| SUSE-SU-2018:2564-1 Security update for postgresql10 | больше 7 лет назад | ||
| openSUSE-SU-2020:1227-1 Security update for postgresql96, postgresql10 and postgresql12 | больше 5 лет назад |
Уязвимостей на страницу