ALT-PU-2016-3274-1

Package update postgresql9.4 in branch sisyphus

Version9.4.10-alt1

Published2016-10-27

Max severityHIGH

Severity:

Closed issues (2)

HIGH8.1

Уязвимость системы управления базами данных PostgreSQL, связанная с загрузкой кода без проверки его целостности, позволяющая нарушителю выполнить произвольный код

Published: 2023-03-01

CVSS 3.xHIGH 8.1

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2016-7048

HIGH8.1

The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.

Published: 2018-08-20Modified: 2024-11-21

CVSS 2.0CRITICAL 9.3

CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS 3.xHIGH 8.1

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References