RedosROS-20240329-12ROS-20240329-12
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.015 Low
EPSS
Percentile
86.5%
Vulnerability of PostgreSQL database management system is related to the possibility of sending signals to superuser processes using the pg_signal_backend role.
to superuser processes using the pg_signal_backend role. Exploitation of the vulnerability could allow
a remote attacker to cause a denial of service to a specific background process
A vulnerability in the PostgreSQL database management system is related to information disclosure. Exploitation
the vulnerability could allow a remote attacker to gain unauthorized access to protected information by sending unauthorized past messages to the protected process.
protected information by sending an unverified string during Kerberos session establishment
A vulnerability in the PostgreSQL database management system is related to the lack of service data protection in function calls with aggregation.
aggregation function calls. Exploitation of the vulnerability could allow an attacker acting remotely,
disclose protected information when the unknown type is passed as an argument
Vulnerability of database management system functions array_append, array_prepend, array_subscript_handler
PostgreSQL is related to integer overflow on array modification. Exploitation of the vulnerability could
allow a remote intruder to execute arbitrary code
A vulnerability in the Schema Handler component of the PostgreSQL database management system is related to a flaw in the
access delimitation. Exploitation of the vulnerability could allow a remote attacker,
elevate his privileges and execute arbitrary code using the CREATE SCHEMA command
A vulnerability in the Schema Handler component of the PostgreSQL database management system is related to errors in the
security settings. Exploitation of the vulnerability could allow an attacker acting remotely,
bypass security restrictions
PostgreSQL database management system vulnerability is related to the possibility of SQL injection in extensions,
that use quoting constructs (@extowner@, @extschema@ or @extschema:…@) inside parentheses
(dollar quoting, ‘’, or “”). Exploitation of the vulnerability could allow an attacker acting remotely to
execute an arbitrary SQL query against a database
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| redos | 7.3 | x86_64 | postgresql13 | <= 13.14-2 | UNKNOWN |
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.015 Low
EPSS
Percentile
86.5%