CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-25694 – postgresql: Reconnection can downgrade connection security settings
https://notcve.org/view.php?id=CVE-2020-25694
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en PostgreSQL versiones anteriores a 13.1, anteriores a 12.5, anteriores a 11.10, anteriores a 10.15, anteriores a 9.6.20 y anteriores a 9.5.24. Si una aplicación cliente que crea conexiones de base de datos adicionales solo reutiliza los parámetros de conexión básicos mientras elimina los parámetros relevantes para la seguridad, una oportunidad para un ataque de tipo man-in-the-middle, o la capacidad de observar transmisiones de texto sin cifrar podrían existir. • https://bugzilla.redhat.com/show_bug.cgi?id=1894423 https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html https://security.gentoo.org/glsa/202012-07 https://security.netapp.com/advisory/ntap-20201202-0003 https://www.postgresql.org/support/security https://access.redhat.com/security/cve/CVE-2020-25694 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-10211
https://notcve.org/view.php?id=CVE-2019-10211
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory. El instalador de Postgresql Windows anterior a las versiones 11.5, 10.10, 9.6.15, 9.5.19 y 9.4.24, es vulnerable por medio del código de ejecución de OpenSSL integrado desde un directorio desprotegido • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10211 https://www.postgresql.org/about/news/1960 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2019-10210
https://notcve.org/view.php?id=CVE-2019-10210
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file. El instalador de Postgresql Windows anterior a las versiones 11.5, 10.10, 9.6.15, 9.5.19 y 9.4.24, es vulnerable por medio de un superusuario al escribir una contraseña en un archivo temporal desprotegido. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10210 https://www.postgresql.org/about/news/1960 • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-10208 – postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution
https://notcve.org/view.php?id=CVE-2019-10208
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. Se descubrió un fallo en postgresql versiones 9.4.x en versiones anteriores a la 9.4.24, versiones 9.5.x en versiones anteriores a la 9.5.19, versiones 9.6.x en versiones anteriores a la 9.6.15, versiones 10.x en versiones anteriores a la 10.10 y versiones 11.x en versiones anteriores a la 11.5 donde pueden ser ejecutadas sentencias SQL arbitrarias dada una función SECURITY DEFINER adecuada. Un atacante, con permiso EXECUTE sobre la función, puede ejecutar código SQL arbitrario como propietario de la función. A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208 https://www.postgresql.org/about/news/1960 https://access.redhat.com/security/cve/CVE-2019-10208 https://bugzilla.redhat.com/show_bug.cgi?id=1734416 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 97%CPEs: 1EXPL: 6CVE-2019-9193 – PostgreSQL COPY FROM PROGRAM Command Execution
https://notcve.org/view.php?id=CVE-2019-9193
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’. ** EN DISPUTA ** En PostgreSQL 9.3 a 11.2, la función "COPIAR HACIA / DESDE EL PROGRAMA" permite a los superusuarios y usuarios en el grupo 'pg_execute_server_program' ejecutar código arbitrario en el contexto del usuario del sistema operativo de la base de datos. Esta funcionalidad está habilitada de manera predeterminada y se puede abusar para ejecutar comandos arbitrarios del sistema operativo en Windows, Linux y macOS. • https://www.exploit-db.com/exploits/46813 https://github.com/b4keSn4ke/CVE-2019-9193 https://github.com/paulotrindadec/CVE-2019-9193 https://github.com/chromanite/CVE-2019-9193-PostgreSQL-9.3-11.7 http://packetstormsecurity.com/files/152757/PostgreSQL-COPY-FROM-PROGRAM-Command-Execution.html http://packetstormsecurity.com/files/166540/PostgreSQL-11.7-Remote-Code-Execution.html http://packetstormsecurity.com/files/171722/PostgreSQL-9.6.1-Remote-Code-Execution.html https://blog.hagander.net/when-a&# • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •