ID de Prueba:	1.3.6.1.4.1.25623.1.0.146062
Categoría:	Databases
Título:	PostgreSQL 9.6.x < 9.6.22, 10.x < 10.17, 11.x < 11.12, 12.x < 12.7, 13.x < 13.3 Multiple Vulnerabilities - Windows
Resumen:	PostgreSQL is prone to multiple vulnerabilities.
Descripción:	Summary: PostgreSQL is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2021-32027: While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. - CVE-2021-32028: Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will. A user lacking the CREATE and TEMPORARY privileges on all databases and the CREATE privilege on all schemas cannot use this attack at will. Affected Software/OS: PostgreSQL version 9.6.0 through 9.6.21, 10.0 through 10.16, 11.0 through 11.11, 12.0 through 12.6 and 13.0 through 13.2. Solution: Update to version 9.6.22, 10.17, 11.12, 12.7, 13.3 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-32027 https://security.gentoo.org/glsa/202211-04 https://bugzilla.redhat.com/show_bug.cgi?id=1956876 https://www.postgresql.org/support/security/CVE-2021-32027/ Common Vulnerability Exposure (CVE) ID: CVE-2021-32028 https://bugzilla.redhat.com/show_bug.cgi?id=1956877 https://www.postgresql.org/support/security/CVE-2021-32028
Copyright	Copyright (C) 2021 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.