12967 matches found
Astra Linux - уязвимость в postgresql-11
Improper neutralization of quoting syntax in PostgreSQL’s libpq functions such as PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to exploit SQL injection attacks under certain usage patterns. Specifically, SQL injection requires the...
Astra Linux - уязвимость в postgresql-11
Over-reading of buffers in PostgreSQL’s GB18030 encoding validation allows a database input provider to cause temporary denial of service on platforms where a 1-byte over-reading can lead to process termination. This issue affects both the database server and libpq. Versions prior to PostgreSQL...
Astra Linux - уязвимость в postgresql-11
A vulnerability was discovered in PostgreSQL 12.2, allowing attackers to cause a denial of service by repeatedly sending SIGHUP signals. NOTE: This claim is disputed by the vendor, as untrusted users are unable to send SIGHUP signals; such signals can only be sent by a PostgreSQL superuser, a use...
Astra Linux - уязвимость в rails
The PostgreSQL adapter in Active Record before versions 6.1.2.1, 6.0.3.5, and 5.2.4.5 is vulnerable to a regular expression denial of service REDoS vulnerability. Carefully crafted inputs can cause the input validation for the money type in the PostgreSQL adapter in Active Record to spend too muc...
Astra Linux - уязвимость в postgresql-11
PostgreSQL optimizer statistics enable users to read sampled data within views that they cannot access. Additionally, statistics allow users to access sampled data that was intended to be hidden by row security policies. PostgreSQL maintains statistics for tables by sampling data available in...
Astra Linux - уязвимость в postgresql-11
A memory disclosure vulnerability was discovered in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with ‘unknown’-type arguments. Handling ‘unknown’-type values from string literals without type designation can reveal bytes,...
Astra Linux - уязвимость в postgresql-11
Incorrect control of environment variables in PostgreSQL PL/Perl allows a non-privileged database user to modify sensitive process environment variables e.g., PATH. This often sufficient to enable arbitrary code execution, even if the attacker does not have a role as a database server operating...
Astra Linux - уязвимость в postgresql-11
An information leak was discovered in PostgreSQL versions prior to 13.2, before 12.6, and before 11.11. A user with UPDATE permission but without SELECT permission for a specific column could create queries that, under certain circumstances, might reveal values from that column in error messages...
Astra Linux - уязвимость в postgresql-11
A flaw was discovered in PostgreSQL. A specially crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can carry out this attack at will. The attack does not require the ability to create objects. If the server settings include...
Astra Linux - уязвимость в postgresql-11
Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for execution during dump restoration, through the client operating system account running psql, using psql meta-commands within a specially crafted object name. The same attack...
Astra Linux - уязвимость в postgresql-11
A vulnerability was discovered in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the...
Astra Linux - уязвимость в php8.1, php7.3
In PHP versions 8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, and 8.4. pgsql and pdopgsql versions, the escaping functions do not check whether the underlying quoting functions return errors. This could lead to crashes if the Postgres server rejects the string as invalid...
Astra Linux - уязвимость в postgresql-11
schemaelement defeats protective measures for search paths; It was discovered that certain database calls in PostgreSQL could allow an authenticated attacker with elevated database-level privileges to execute arbitrary code...
Astra Linux - уязвимость в postgresql-11
Row security policies ignore changes to user IDs after inline operations. PostgreSQL may allow incorrect policies to be applied in certain cases where role-specific policies are used, and where a given query is planned to be executed under one role and then executed under another role. This...
Astra Linux - уязвимость в php8.1
In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, and 8.5. before 8.5.1, when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting...
Astra Linux - уязвимость в postgresql-11
A flaw was discovered in PostgreSQL. There is an issue where insufficient efforts are made to ensure safe operation when a privileged user is managing objects of another user. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activate relevant...
Astra Linux - уязвимость в postgresql-11
The Time-of-Check Time-of-Use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions while the user running pgdump is a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for...
Astra Linux - уязвимость в postgresql-11
A late privilege drop in the REFRESH MATERIALIZED VIEW CONCURRENTLY operation in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. This feature enables the owner of the materialized view to run SQL functions, thereby allowing for the safe refreshing of...
Astra Linux - уязвимость в postgresql-11
A flaw was discovered in PostgreSQL. By using an UPDATE...RETURNING command on a specially crafted table, an authenticated database user could read arbitrary bytes of server memory. The most significant threat of this vulnerability is data confidentiality...
Astra Linux - уязвимость в postgresql-11
Inclusion of untrusted data in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for execution during dump restoration, as the client operating system account running psql restores the dump using psql meta-commands. pgdumpall is also affected. pgresto...