CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2018-16850 – postgresql: SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER ... REFERENCING
https://notcve.org/view.php?id=CVE-2018-16850
13 Nov 2018 — postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges. postgresql en versiones anteriores a la 11.1 y 10.6 es vulnerable a una inyección SQL en pg_upgrade y pg_dump mediante CREATE TRIGGER ... REFERENCING. Mediante una definición de detonador manipulado para tal propósito, un atacante puede provocar que ... • http://www.securityfocus.com/bid/105923 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2018-10925 – postgresql: Missing authorization and memory disclosure in INSERT ... ON CONFLICT DO UPDATE statements
https://notcve.org/view.php?id=CVE-2018-10925
09 Aug 2018 — It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table. Se ha descubierto que las versiones anteriore... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html • CWE-863: Incorrect Authorization •
CVSS: 8.5EPSS: 1%CPEs: 17EXPL: 0CVE-2018-10915 – postgresql: Certain host connection parameters defeat client-side security defenses
https://notcve.org/view.php?id=CVE-2018-10915
09 Aug 2018 — A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-665: Improper Initialization •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1115 – postgresql: Too-permissive access control list on function pg_logfile_rotate()
https://notcve.org/view.php?id=CVE-2018-1115
10 May 2018 — postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation. postgresql en versiones anteriores a la 10.4 y la 9.6.9 es vulnerable en la extensión adminpack. La función pg_catalog.pg_logfile_rotate() no sigue las mismas lista de control de acceso que pg_rorate_logfile. Si admin... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 80%CPEs: 9EXPL: 0CVE-2018-1058 – postgresql: Uncontrolled search path element in pg_dump and other client applications
https://notcve.org/view.php?id=CVE-2018-1058
02 Mar 2018 — A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected. Se ha encontrado un error en la forma en la que Postgresql permitía que un usuario modificase el comportamiento de una consulta para otros usuarios. Un atacante con una cuenta de usuario podría emplear este error para ejecutar código con permisos de ... • http://www.securityfocus.com/bid/103221 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1052
https://notcve.org/view.php?id=CVE-2018-1052
09 Feb 2018 — Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table. Se ha encontrado una vulnerabilidad de revelación de memoria en la partición de tablas en postgresql, en versiones 10.x anteriores a la 10.2, que permite que un atacante autenticado lea bytes arbitrarios de la memoria del servidor mediante inserciones manipuladas para este propósito en un... • http://www.securityfocus.com/bid/102987 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.0EPSS: 0%CPEs: 11EXPL: 0CVE-2018-1053 – postgresql: pg_upgrade creates file of sensitive metadata under prevailing umask
https://notcve.org/view.php?id=CVE-2018-1053
09 Feb 2018 — In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a... • http://www.securityfocus.com/bid/102986 • CWE-377: Insecure Temporary File CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 10%CPEs: 18EXPL: 1CVE-2017-15099 – postgresql: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges
https://notcve.org/view.php?id=CVE-2017-15099
09 Nov 2017 — INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege. Los comandos INSERT ... • https://github.com/ToontjeM/CVE-2017-15099 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 5%CPEs: 12EXPL: 0CVE-2009-3231 – postgresql: LDAP authentication bypass when anonymous LDAP bind are allowed
https://notcve.org/view.php?id=CVE-2009-3231
17 Sep 2009 — The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password. El componente core server en PostgreSQL desde v8.3 anteriores a v8.3.8 y desde v8.2 anteriores a v8.2.14, cuando se utiliza la autenticación de LDAP con imposiciones anónimas, permite a atacantes remotos evitar la autenticación a través de una contraseña vacía. • http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2004-0977
https://notcve.org/view.php?id=CVE-2004-0977
20 Oct 2004 — The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136300 •