Test Kennung:	1.3.6.1.4.1.25623.1.0.146061
Kategorie:	Databases
Titel:	PostgreSQL 9.6.x < 9.6.22, 10.x < 10.17, 11.x < 11.12, 12.x < 12.7, 13.x < 13.3 Multiple Vulnerabilities - Linux
Zusammenfassung:	PostgreSQL is prone to multiple vulnerabilities.
Beschreibung:	Summary: PostgreSQL is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2021-32027: While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. - CVE-2021-32028: Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will. A user lacking the CREATE and TEMPORARY privileges on all databases and the CREATE privilege on all schemas cannot use this attack at will. Affected Software/OS: PostgreSQL version 9.6.0 through 9.6.21, 10.0 through 10.16, 11.0 through 11.11, 12.0 through 12.6 and 13.0 through 13.2. Solution: Update to version 9.6.22, 10.17, 11.12, 12.7, 13.3 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2021-32027 https://security.gentoo.org/glsa/202211-04 https://bugzilla.redhat.com/show_bug.cgi?id=1956876 https://www.postgresql.org/support/security/CVE-2021-32027/ Common Vulnerability Exposure (CVE) ID: CVE-2021-32028 https://bugzilla.redhat.com/show_bug.cgi?id=1956877 https://www.postgresql.org/support/security/CVE-2021-32028
Copyright	Copyright (C) 2021 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.