Количество 28
Количество 28
CVE-2024-10977
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
CVE-2024-10977
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
CVE-2024-10977
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
CVE-2024-10977
CVE-2024-10977
Client use of server error message in PostgreSQL allows a server not t ...
GHSA-62q4-hc79-94qj
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
BDU:2024-09682
Уязвимость компонента libpq системы управления базами данных PostgreSQL, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить атаку типа «человек посередине»
SUSE-SU-2025:01799-1
Security update for postgresql, postgresql16, postgresql17
SUSE-SU-2024:4176-1
Security update for postgresql14
SUSE-SU-2024:4175-1
Security update for postgresql13
SUSE-SU-2024:4174-1
Security update for postgresql15
SUSE-SU-2024:4173-1
Security update for postgresql, postgresql16, postgresql17
SUSE-SU-2024:4118-1
Security update for postgresql14
SUSE-SU-2024:4114-1
Security update for postgresql13
SUSE-SU-2024:4099-1
Security update for postgresql12
SUSE-SU-2024:4098-1
Security update for postgresql15
SUSE-SU-2024:4097-1
Security update for postgresql12
SUSE-SU-2024:4096-1
Security update for postgresql14
SUSE-SU-2024:4095-1
Security update for postgresql15
SUSE-SU-2024:4063-1
Security update for postgresql, postgresql16, postgresql17
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-10977 Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. | CVSS3: 3.1 | 0% Низкий | 10 месяцев назад |
 | CVE-2024-10977 Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. | CVSS3: 3.1 | 0% Низкий | 10 месяцев назад |
 | CVE-2024-10977 Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. | CVSS3: 3.1 | 0% Низкий | 10 месяцев назад |
 | CVSS3: 3.7 | 0% Низкий | 7 месяцев назад | |
| CVE-2024-10977 Client use of server error message in PostgreSQL allows a server not t ... | CVSS3: 3.1 | 0% Низкий | 10 месяцев назад |
| GHSA-62q4-hc79-94qj Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. | CVSS3: 3.1 | 0% Низкий | 10 месяцев назад |
 | BDU:2024-09682 Уязвимость компонента libpq системы управления базами данных PostgreSQL, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить атаку типа «человек посередине» | CVSS3: 3.1 | 0% Низкий | 10 месяцев назад |
 | SUSE-SU-2025:01799-1 Security update for postgresql, postgresql16, postgresql17 | 4 месяца назад | ||
| SUSE-SU-2024:4176-1 Security update for postgresql14 | 10 месяцев назад | ||
| SUSE-SU-2024:4175-1 Security update for postgresql13 | 10 месяцев назад | ||
| SUSE-SU-2024:4174-1 Security update for postgresql15 | 10 месяцев назад | ||
| SUSE-SU-2024:4173-1 Security update for postgresql, postgresql16, postgresql17 | 10 месяцев назад | ||
| SUSE-SU-2024:4118-1 Security update for postgresql14 | 10 месяцев назад | ||
| SUSE-SU-2024:4114-1 Security update for postgresql13 | 10 месяцев назад | ||
| SUSE-SU-2024:4099-1 Security update for postgresql12 | 10 месяцев назад | ||
| SUSE-SU-2024:4098-1 Security update for postgresql15 | 10 месяцев назад | ||
| SUSE-SU-2024:4097-1 Security update for postgresql12 | 10 месяцев назад | ||
| SUSE-SU-2024:4096-1 Security update for postgresql14 | 10 месяцев назад | ||
| SUSE-SU-2024:4095-1 Security update for postgresql15 | 10 месяцев назад | ||
| SUSE-SU-2024:4063-1 Security update for postgresql, postgresql16, postgresql17 | 10 месяцев назад |
Уязвимостей на страницу