VuXML ID | Description |
e3eeda2e-1d67-11e8-a2ec-6cc21735f730 | PostgreSQL vulnerabilities
The PostgreSQL project reports:
- CVE-2018-1058: Uncontrolled search path element in pg_dump and other client applications
Discovery 2018-03-01 Entry 2018-03-01
postgresql93-server ge 9.3.0 lt 9.3.22
postgresql94-server ge 9.4.0 lt 9.4.17
postgresql95-server ge 9.5.0 lt 9.5.12
postgresql96-server ge 9.6.0 lt 9.6.8
postgresql10-server ge 10.0 lt 10.3
https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path
CVE-2018-1058
|
1f02af5d-c566-11e7-a12d-6cc21735f730 | PostgreSQL vulnerabilities
The PostgreSQL project reports:
- CVE-2017-15098: Memory disclosure in JSON functions
- CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to
enforce SELECT privileges
Discovery 2017-10-10 Entry 2017-11-09
postgresql92-server ge 9.2.0 lt 9.2.24
postgresql93-server ge 9.3.0 lt 9.3.20
postgresql94-server ge 9.4.0 lt 9.4.15
postgresql95-server ge 9.5.0 lt 9.5.10
postgresql96-server ge 9.6.0 lt 9.6.6
postgresql10-server ge 10.0 lt 10.1
CVE-2017-15099
CVE-2017-15098
|
c602c791-0cf4-11e8-a2ec-6cc21735f730 | PostgreSQL vulnerabilities
The PostgreSQL project reports:
- CVE-2018-1052: Fix the processing of partition keys containing multiple expressions (only for PostgreSQL-10.x)
- CVE-2018-1053: Ensure that all temporary files made with "pg_upgrade" are non-world-readable
Discovery 2018-02-05 Entry 2018-02-08
postgresql93-server ge 9.3.0 lt 9.3.21
postgresql94-server ge 9.4.0 lt 9.4.16
postgresql95-server ge 9.5.0 lt 9.5.11
postgresql96-server ge 9.6.0 lt 9.6.7
postgresql10-server ge 10.0 lt 10.2
CVE-2018-1052
CVE-2018-1053
|
ca16fd0b-5fd1-11e6-a6f2-6cc21735f730 | PostgreSQL -- Denial-of-Service and Code Injection Vulnerabilities
PostgreSQL project reports:
Security Fixes nested CASE expressions +
database and role names with embedded special characters
- CVE-2016-5423: certain nested CASE expressions can cause the
server to crash.
- CVE-2016-5424: database and role names with embedded special
characters can allow code injection during administrative operations
like pg_dumpall.
Discovery 2016-08-11 Entry 2016-08-11
postgresql91-server ge 9.1.0 lt 9.1.23
postgresql92-server ge 9.2.0 lt 9.2.18
postgresql93-server ge 9.3.0 lt 9.3.11
postgresql94-server ge 9.4.0 lt 9.4.9
postgresql95-server ge 9.5.0 lt 9.5.4
CVE-2016-5423
CVE-2016-5424
|
414c18bf-3653-11e7-9550-6cc21735f730 | PostgreSQL vulnerabilities
The PostgreSQL project reports:
Security Fixes nested CASE expressions +
database and role names with embedded special characters
- CVE-2017-7484: selectivity estimators bypass SELECT privilege
checks.
- CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable
- CVE-2017-7486: pg_user_mappings view discloses foreign server
passwords. This applies to new databases, see the release notes for
the procedure to apply the fix to an existing database.
Discovery 2017-05-11 Entry 2017-05-11
postgresql92-client ge 9.2.0 lt 9.2.20
postgresql93-client ge 9.3.0 lt 9.3.16
postgresql94-client ge 9.4.0 lt 9.4.11
postgresql95-client ge 9.5.0 lt 9.5.6
postgresql96-client ge 9.6.0 lt 9.6.2
postgresql92-server ge 9.2.0 lt 9.2.20
postgresql93-server ge 9.3.0 lt 9.3.16
postgresql94-server ge 9.4.0 lt 9.4.11
postgresql95-server ge 9.5.0 lt 9.5.6
postgresql96-server ge 9.6.0 lt 9.6.2
CVE-2016-5423
CVE-2016-5424
|
982872f1-7dd3-11e7-9736-6cc21735f730 | PostgreSQL vulnerabilities
The PostgreSQL project reports:
- CVE-2017-7546: Empty password accepted in some authentication
methods
- CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords
to users lacking server privileges
- CVE-2017-7548: lo_put() function ignores ACLs
Discovery 2017-08-10 Entry 2017-08-10
postgresql92-server ge 9.2.0 lt 9.2.22
postgresql93-server ge 9.3.0 lt 9.3.18
postgresql94-server ge 9.4.0 lt 9.4.13
postgresql95-server ge 9.5.0 lt 9.5.8
postgresql96-server ge 9.6.0 lt 9.6.4
CVE-2017-7546
CVE-2017-7547
CVE-2017-7548
|
96eab874-9c79-11e8-b34b-6cc21735f730 | PostgreSQL -- two vulnerabilities
The PostgreSQL project reports:
CVE-2018-10915: Certain host connection parameters defeat
client-side security defenses
libpq, the client connection API for PostgreSQL that is also used
by other connection libraries, had an internal issue where it did not
reset all of its connection state variables when attempting to
reconnect. In particular, the state variable that determined whether
or not a password is needed for a connection would not be reset, which
could allow users of features requiring libpq, such as the "dblink" or
"postgres_fdw" extensions, to login to servers they should not be able
to access.
CVE-2018-10925: Memory disclosure and missing authorization in
`INSERT ... ON CONFLICT DO UPDATE`
An attacker able to issue CREATE TABLE can read arbitrary bytes of
server memory using an upsert (`INSERT ... ON CONFLICT DO UPDATE`)
query. By default, any user can exploit that. A user that has
specific INSERT privileges and an UPDATE privilege on at least one
column in a given table can also update other columns using a view and
an upsert query.
Discovery 2018-08-09 Entry 2018-08-10
postgresql10-server < 10.5
postgresql96-server < 9.6.10
postgresql95-server < 9.5.14
postgresql94-server < 9.4.19
postgresql93-server < 9.3.24
https://www.postgresql.org/about/news/1878/
CVE-2018-10915
CVE-2018-10925
|
a0182578-6e00-11e5-a90c-0026551a22dc | PostgreSQL -- minor security problems.
PostgreSQL project reports:
Two security issues have been fixed in this release which affect
users of specific PostgreSQL features.
- CVE-2015-5289: json or jsonb input values constructed from
arbitrary user input can crash the PostgreSQL server and cause a denial of
service.
- CVE-2015-5288: The crypt() function included with the optional pgCrypto
extension could be exploited to read a few additional bytes of memory.
No working exploit for this issue has been developed.
Discovery 2015-10-08 Entry 2015-10-08
postgresql90-server ge 9.0.0 lt 9.0.22
postgresql91-server ge 9.1.0 lt 9.1.18
postgresql92-server ge 9.2.0 lt 9.2.13
postgresql93-server ge 9.3.0 lt 9.3.9
postgresql94-server ge 9.4.0 lt 9.4.4
CVE-2015-5289
CVE-2015-5288
|
9de4c1c1-b9ee-11e9-82aa-6cc21735f730 | PostgreSQL -- TYPE in pg_temp executes arbitrary SQL during `SECURITY DEFINER` execution
The PostgreSQL project reports:
Versions Affected: 9.4 - 11
Given a suitable `SECURITY DEFINER` function, an attacker can execute arbitrary
SQL under the identity of the function owner. An attack requires `EXECUTE`
permission on the function, which must itself contain a function call having
inexact argument type match. For example, `length('foo'::varchar)` and
`length('foo')` are inexact, while `length('foo'::text)` is exact.
As part of exploiting this vulnerability, the attacker uses `CREATE DOMAIN`
to create a type in a `pg_temp` schema. The attack pattern and fix are similar
to that for CVE-2007-2138.
Writing `SECURITY DEFINER` functions continues to require following
the considerations noted in the documentation:
https://www.postgresql.org/docs/devel/sql-createfunction.html#SQL-CREATEFUNCTION-SECURITY
Versions Affected: 11
In a database containing hypothetical, user-defined hash equality operators,
an attacker could read arbitrary bytes of server memory. For an attack to
become possible, a superuser would need to create unusual operators.
It is possible for operators not purpose-crafted for attack to have
the properties that enable an attack, but we are not aware of specific examples.
Discovery 2019-08-08 Entry 2019-08-08
postgresql11-server < 11.5
postgresql10-server < 10.10
postgresql96-server < 9.6.15
postgresql95-server < 9.5.19
postgresql94-server < 9.4.24
https://www.postgresql.org/about/news/1960/
CVE-2019-10208
CVE-2019-10209
|
e8b6605b-d29f-11e5-8458-6cc21735f730 | PostgreSQL -- Security Fixes for Regular Expressions, PL/Java.
PostgreSQL project reports:
Security Fixes for Regular Expressions, PL/Java
- CVE-2016-0773: This release closes security hole CVE-2016-0773,
an issue with regular expression (regex) parsing. Prior code allowed
users to pass in expressions which included out-of-range Unicode
characters, triggering a backend crash. This issue is critical for
PostgreSQL systems with untrusted users or which generate regexes
based on user input.
- CVE-2016-0766: The update also fixes CVE-2016-0766, a privilege
escalation issue for users of PL/Java. Certain custom configuration
settings (GUCS) for PL/Java will now be modifiable only by the
database superuser.
Discovery 2016-02-08 Entry 2016-02-12
postgresql91-server ge 9.1.0 lt 9.1.20
postgresql92-server ge 9.2.0 lt 9.2.15
postgresql93-server ge 9.3.0 lt 9.3.11
postgresql94-server ge 9.4.0 lt 9.4.6
postgresql95-server ge 9.5.0 lt 9.5.1
CVE-2016-0773
CVE-2016-0766
|
1c27a706-e3aa-11e8-b77a-6cc21735f730 | PostgreSQL -- SQL injection in pg_upgrade and pg_dump
The PostgreSQL project reports:
CVE-2018-16850: SQL injection in pg_upgrade and pg_dump,
via CREATE TRIGGER ... REFERENCING.
Using a purpose-crafted trigger definition, an attacker can run
arbitrary SQL statements with superuser privileges when a superuser
runs pg_upgrade on the database or during a pg_dump dump/restore
cycle. This attack requires a CREATE privilege on some non-temporary
schema or a TRIGGER privilege on a table. This is exploitable in the
default PostgreSQL configuration, where all users have CREATE
privilege on public schema.
Discovery 2018-11-08 Entry 2018-11-08
postgresql10-server < 10.6
postgresql96-server < 9.6.11
postgresql95-server < 9.5.15
postgresql94-server < 9.4.20
postgresql93-server < 9.3.25
https://www.postgresql.org/about/news/1905/
CVE-2018-16850
|