CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-32029 – postgresql: Memory disclosure in partitioned-table UPDATE ... RETURNING
https://notcve.org/view.php?id=CVE-2021-32029
A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality. Se ha encontrado un fallo en postgresql. usando un comando UPDATE ... • https://bugzilla.redhat.com/show_bug.cgi?id=1956883 https://security.netapp.com/advisory/ntap-20211112-0003 https://www.postgresql.org/support/security/CVE-2021-32029 https://access.redhat.com/security/cve/CVE-2021-32029 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-32027 – postgresql: Buffer overrun from integer overflow in array subscripting calculations
https://notcve.org/view.php?id=CVE-2021-32027
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha encontrado un fallo en postgresql en las versiones anteriores a 13.3, versiones anteriores a 12.7, versiones anteriores a 11.12, versiones anteriores a 10.17 y versiones anteriores a 9.6.22. Cuando se modifican determinados valores de matrices SQL, una falta de comprobación de límites permite a usuarios autentificados de la base de datos escribir bytes arbitrarios en una amplia zona de la memoria del servidor. • https://bugzilla.redhat.com/show_bug.cgi?id=1956876 https://security.gentoo.org/glsa/202211-04 https://security.netapp.com/advisory/ntap-20210713-0004 https://www.postgresql.org/support/security/CVE-2021-32027 https://access.redhat.com/security/cve/CVE-2021-32027 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-32028 – postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE
https://notcve.org/view.php?id=CVE-2021-32028
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality. • https://bugzilla.redhat.com/show_bug.cgi?id=1956877 https://security.gentoo.org/glsa/202211-04 https://security.netapp.com/advisory/ntap-20211112-0003 https://www.postgresql.org/support/security/CVE-2021-32028 https://access.redhat.com/security/cve/CVE-2021-32028 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3393 – postgresql: Partition constraint violation errors leak values of denied columns
https://notcve.org/view.php?id=CVE-2021-3393
An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read. Se detectó un filtrado de información en postgresql en versiones anteriores a 13.2, versiones anteriores a 12.6 y versiones anteriores a 11.11. Un usuario que tenga el permiso UPDATE pero no el permiso SELECT para una columna en particular podría diseñar consultas que, en algunas circunstancias, podrían divulgar valores de esa columna en mensajes de error. • https://bugzilla.redhat.com/show_bug.cgi?id=1924005 https://security.gentoo.org/glsa/202105-32 https://security.netapp.com/advisory/ntap-20210507-0006 https://access.redhat.com/security/cve/CVE-2021-3393 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.6EPSS: 0%CPEs: 7EXPL: 0CVE-2020-25696 – postgresql: psql's \gset allows overwriting specially treated variables
https://notcve.org/view.php?id=CVE-2020-25696
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en el terminal interactivo psql de PostgreSQL en versiones anteriores a 13.1, anteriores a 12.5, anteriores a 11.10, anteriores a 10.15, anteriores a 9.6.20 y anteriores a 9.5.24. Si una sesión psql interactiva utiliza \gset al consultar un servidor comprometido, el atacante puede ejecutar código arbitrario como la cuenta del sistema operativo que ejecuta psql. • https://bugzilla.redhat.com/show_bug.cgi?id=1894430 https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html https://security.gentoo.org/glsa/202012-07 https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111 https://access.redhat.com/security/cve/CVE-2020-25696 • CWE-183: Permissive List of Allowed Inputs CWE-270: Privilege Context Switching Error CWE-697: Incorrect Comparison •