Page 3 of 111 results (0.007 seconds)

CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0

CVE-2018-1115 – postgresql: Too-permissive access control list on function pg_logfile_rotate()

https://notcve.org/view.php?id=CVE-2018-1115

postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation. postgresql en versiones anteriores a la 10.4 y la 9.6.9 es vulnerable en la extensión adminpack. La función pg_catalog.pg_logfile_rotate() no sigue las mismas lista de control de acceso que pg_rorate_logfile. Si adminpack se añade a una base de datos, un atacante que sea capaz de conectarse a ella podría explotar esta rotación forzada de registro. It was found that pg_catalog.pg_logfile_rotate(), from the adminpack extension, did not follow the same ACLs than pg_rorate_logfile. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html http://www.securityfocus.com/bid/104285 https://access.redhat.com/errata/RHSA-2018:2565 https://access.redhat.com/errata/RHSA-2018:2566 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1115 https://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=7b34740 https://security.gentoo.org/glsa/201810-08 https://access.redhat.com/security/cve/CVE-2018-1115 https://bugzilla.redhat.com/show_bug • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 1

CVE-2017-14798 – local privilege escalation in SUSE postgresql init script

https://notcve.org/view.php?id=CVE-2017-14798

A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root. Una condición de carrera en el script init de postgresql podría ser aprovechada por atacantes para acceder a la cuenta postgresql y escalar sus privilegios a root. PostgreSQL version 9.4-0.5.3 suffers from a privilege escalation vulnerability. • https://www.exploit-db.com/exploits/45184 http://lists.suse.com/pipermail/sle-security-updates/2017-November/003420.html https://bugzilla.suse.com/show_bug.cgi?id=1062722 https://www.suse.com/de-de/security/cve/CVE-2017-14798 • CWE-61: UNIX Symbolic Link (Symlink) Following CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.2EPSS: 0%CPEs: 76EXPL: 0

CVE-2017-12172 – postgresql: Start scripts permit database administrator to modify root-owned files

https://notcve.org/view.php?id=CVE-2017-12172

PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. • http://www.securityfocus.com/bid/101949 http://www.securitytracker.com/id/1039752 https://access.redhat.com/errata/RHSA-2017:3402 https://access.redhat.com/errata/RHSA-2017:3403 https://access.redhat.com/errata/RHSA-2017:3404 https://access.redhat.com/errata/RHSA-2017:3405 https://www.postgresql.org/about/news/1801 https://www.postgresql.org/support/security https://access.redhat.com/security/cve/CVE-2017-12172 https://bugzilla.redhat.com/show_bug.cgi?id=1498394 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 8.8EPSS: 0%CPEs: 65EXPL: 0

CVE-2017-7547 – postgresql: pg_user_mappings view discloses passwords to users lacking server privileges

https://notcve.org/view.php?id=CVE-2017-7547

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so. PostgreSQL en sus versiones anteriores a 9.2.22, 9.3.18, 9.4.13, 9.5.8 y 9.6.4 es vulnerable a un fallo de autorización que permite que los atacantes remotos autenticados recuperen contraseñas de los mapeos de usuarios definidos por los propietarios del servidor extranjero sin tener privilegios para ello. An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote, authenticated attacker could potentially use this flaw to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so. • http://www.debian.org/security/2017/dsa-3935 http://www.debian.org/security/2017/dsa-3936 http://www.securityfocus.com/bid/100275 http://www.securitytracker.com/id/1039142 https://access.redhat.com/errata/RHSA-2017:2677 https://access.redhat.com/errata/RHSA-2017:2678 https://access.redhat.com/errata/RHSA-2017:2728 https://security.gentoo.org/glsa/201710-06 https://www.postgresql.org/about/news/1772 https://access.redhat.com/security/cve/CVE-2017-7547 https:// • CWE-522: Insufficiently Protected Credentials •

CVSS: 9.8EPSS: 28%CPEs: 66EXPL: 0

CVE-2017-7546 – postgresql: Empty password accepted in some authentication methods

https://notcve.org/view.php?id=CVE-2017-7546

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password. PostgreSQL en sus versiones anteriores a 9.2.22, 9.3.18, 9.4.13, 9.5.8 y 9.6.4 es vulnerable a un fallo de autenticación incorrecta que permite que atacantes remotos obtengan acceso a cuentas de la base de datos con una contraseña vacía. It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords. • http://www.debian.org/security/2017/dsa-3935 http://www.debian.org/security/2017/dsa-3936 http://www.securityfocus.com/bid/100278 http://www.securitytracker.com/id/1039142 https://access.redhat.com/errata/RHSA-2017:2677 https://access.redhat.com/errata/RHSA-2017:2678 https://access.redhat.com/errata/RHSA-2017:2728 https://access.redhat.com/errata/RHSA-2017:2860 https://security.gentoo.org/glsa/201710-06 https://www.postgresql.org/about/news/1772 https://access • CWE-287: Improper Authentication •