CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2019-10210
https://notcve.org/view.php?id=CVE-2019-10210
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file. El instalador de Postgresql Windows anterior a las versiones 11.5, 10.10, 9.6.15, 9.5.19 y 9.4.24, es vulnerable por medio de un superusuario al escribir una contraseña en un archivo temporal desprotegido. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10210 https://www.postgresql.org/about/news/1960 • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2016-7048
https://notcve.org/view.php?id=CVE-2016-7048
The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software. El instalador interactivo en PostgreSQL en versiones anteriores a la 9.3.15, 9.4.x anteriores a la 9.4.10 y 9.5.x anteriores a la 9.5.5 podría permitir que los atacantes remotos ejecuten código arbitrario utilizando HTTP para descargar software. • https://bugzilla.redhat.com/show_bug.cgi?id=1378043 https://www.postgresql.org/support/security • CWE-284: Improper Access Control •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1115 – postgresql: Too-permissive access control list on function pg_logfile_rotate()
https://notcve.org/view.php?id=CVE-2018-1115
postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation. postgresql en versiones anteriores a la 10.4 y la 9.6.9 es vulnerable en la extensión adminpack. La función pg_catalog.pg_logfile_rotate() no sigue las mismas lista de control de acceso que pg_rorate_logfile. Si adminpack se añade a una base de datos, un atacante que sea capaz de conectarse a ella podría explotar esta rotación forzada de registro. It was found that pg_catalog.pg_logfile_rotate(), from the adminpack extension, did not follow the same ACLs than pg_rorate_logfile. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html http://www.securityfocus.com/bid/104285 https://access.redhat.com/errata/RHSA-2018:2565 https://access.redhat.com/errata/RHSA-2018:2566 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1115 https://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=7b34740 https://security.gentoo.org/glsa/201810-08 https://access.redhat.com/security/cve/CVE-2018-1115 https://bugzilla.redhat.com/show_bug • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 1CVE-2017-14798 – local privilege escalation in SUSE postgresql init script
https://notcve.org/view.php?id=CVE-2017-14798
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root. Una condición de carrera en el script init de postgresql podría ser aprovechada por atacantes para acceder a la cuenta postgresql y escalar sus privilegios a root. PostgreSQL version 9.4-0.5.3 suffers from a privilege escalation vulnerability. • https://www.exploit-db.com/exploits/45184 http://lists.suse.com/pipermail/sle-security-updates/2017-November/003420.html https://bugzilla.suse.com/show_bug.cgi?id=1062722 https://www.suse.com/de-de/security/cve/CVE-2017-14798 • CWE-61: UNIX Symbolic Link (Symlink) Following CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-0768
https://notcve.org/view.php?id=CVE-2016-0768
PostgreSQL PL/Java after 9.0 does not honor access controls on large objects. PL/Java posterior a la versión 9.0 de PostgreSQL, no respeta los controles de acceso en objetos grandes. • https://tada.github.io/pljava/releasenotes.html • CWE-284: Improper Access Control •