
CVSS: 9.0 | EPSS: 97% | CPEs: 1 | EXPL: 6

** DISPUTED ** In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.

• https://www.exploit-db.com/exploits/46813
• https://github.com/b4keSn4ke/CVE-2019-9193
• https://github.com/paulotrindadec/CVE-2019-9193
• https://github.com/chromanite/CVE-2019-9193-PostgreSQL-9.3-11.7
• http://packetstormsecurity.com/files/152757/PostgreSQL-COPY-FROM-PROGRAM-Command-Execution.html
• http://packetstormsecurity.com/files/166540/PostgreSQL-11.7-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/171722/PostgreSQL-9.6.1-Remote-Code-Execution.html
• https://blog.hagander.net/when-a&#

• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 8 | EXPL: 0

PostgreSQL before versions 11.1 and 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run with superuser privileges.

• http://www.securityfocus.com/bid/105923
• http://www.securitytracker.com/id/1042144
• https://access.redhat.com/errata/RHSA-2018:3757
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850
• https://security.gentoo.org/glsa/201811-24
• https://usn.ubuntu.com/3818-1
• https://www.postgresql.org/about/news/1905
• https://access.redhat.com/security/cve/CVE-2018-16850
• https://bugzilla.redhat.com/show_bug.cgi?id=1645937

• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.1 | EPSS: 0% | CPEs: 3 | EXPL: 1

A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.

• https://github.com/tafamace/CVE-2018-10936
• http://www.securityfocus.com/bid/105220
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936
• https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
• https://www.postgresql.org/about/news/1883

• CWE-297: Improper Validation of Certificate with Host Mismatch

CVSS: 9.3 | EPSS: 0% | CPEs: 5 | EXPL: 0

The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.

• https://bugzilla.redhat.com/show_bug.cgi?id=1378043
• https://www.postgresql.org/support/security

• CWE-284: Improper Access Control

CVSS: 8.1 | EPSS: 0% | CPEs: 7 | EXPL: 0

It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes of server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.

• http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
• http://www.securityfocus.com/bid/105052
• http://www.securitytracker.com/id/1041446
• https://access.redhat.com/errata/RHSA-2018:2511
• https://access.redhat.com/errata/RHSA-2018:2565
• https://access.redhat.com/errata/RHSA-2018:2566
• https://access.redhat.com/errata/RHSA-2018:3816
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925
• https://security.gentoo.org/glsa/201810-08
• https://usn.ubuntu.com/

• CWE-863: Incorrect Authorization