12 matches found
Astra Linux - уязвимость в postgresql-11
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries during the initial establishment of a connection, despite the use of SSL certificate verification and encryption...
Astra Linux - уязвимость в postgresql-11
A man-in-the-middle attacker can inject false responses to the client’s first few queries, despite the use of SSL certificate verification and encryption...
Astra Linux - уязвимость в postgresql-11
A memory disclosure vulnerability was discovered in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with ‘unknown’-type arguments. Handling ‘unknown’-type values from string literals without type designation can reveal bytes,...
Astra Linux - уязвимость в postgresql-11
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...
Astra Linux - уязвимость в postgresql-11
A flaw was discovered in PostgreSQL. A specially crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can carry out this attack at will. The attack does not require the ability to create objects. If the server settings include...
Astra Linux - уязвимость в postgresql-11
schemaelement defeats protective measures for search paths; It was discovered that certain database calls in PostgreSQL could allow an authenticated attacker with elevated database-level privileges to execute arbitrary code...
Astra Linux - уязвимость в postgresql-11
Row security policies ignore changes to user IDs after inline operations. PostgreSQL may allow incorrect policies to be applied in certain cases where role-specific policies are used, and where a given query is planned to be executed under one role and then executed under another role. This...
Astra Linux - уязвимость в postgresql-11
A flaw was discovered in PostgreSQL. There is an issue where insufficient efforts are made to ensure safe operation when a privileged user is managing objects of another user. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activate relevant...
Astra Linux - уязвимость в postgresql-11
A vulnerability was discovered in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the...
Astra Linux - уязвимость в postgresql-11
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...
Astra Linux - уязвимость в postgresql-11
A flaw was discovered in PostgreSQL related to the pgcancelbackend role, which signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a background worker that is less...
Security Bulletin: CVE-2023-39417 - Extension script @substitutions@ within quoting allow SQL injection
Summary IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker...