CVSS: 7.0EPSS: 0%CPEs: 11EXPL: 0CVE-2018-1053 – postgresql: pg_upgrade creates file of sensitive metadata under prevailing umask
https://notcve.org/view.php?id=CVE-2018-1053
09 Feb 2018 — In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a... • http://www.securityfocus.com/bid/102986 • CWE-377: Insecure Temporary File CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.2EPSS: 0%CPEs: 76EXPL: 0CVE-2017-12172 – postgresql: Start scripts permit database administrator to modify root-owned files
https://notcve.org/view.php?id=CVE-2017-12172
22 Nov 2017 — PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file... • http://www.securityfocus.com/bid/101949 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.1EPSS: 0%CPEs: 53EXPL: 0CVE-2017-15098 – postgresql: Memory disclosure in JSON functions
https://notcve.org/view.php?id=CVE-2017-15098
09 Nov 2017 — Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory. Las llamadas de función json_populate_recordset o jsonb_populate_recordset inválidas en PostgreSQL en versiones 10.x anteriores a la 10.1; versiones 9.6.x anteriores a la 9.6.6, versiones 9.5.x anteriores a la 9.5.10; versiones 9.4.x anteriores a la 9.4.15... • http://www.securityfocus.com/bid/101781 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 11%CPEs: 18EXPL: 1CVE-2017-15099 – postgresql: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges
https://notcve.org/view.php?id=CVE-2017-15099
09 Nov 2017 — INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege. Los comandos INSERT ... • https://github.com/ToontjeM/CVE-2017-15099 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 5%CPEs: 12EXPL: 0CVE-2009-3231 – postgresql: LDAP authentication bypass when anonymous LDAP bind are allowed
https://notcve.org/view.php?id=CVE-2009-3231
17 Sep 2009 — The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password. El componente core server en PostgreSQL desde v8.3 anteriores a v8.3.8 y desde v8.2 anteriores a v8.2.14, cuando se utiliza la autenticación de LDAP con imposiciones anónimas, permite a atacantes remotos evitar la autenticación a través de una contraseña vacía. • http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html • CWE-287: Improper Authentication •