CVE-2019-10210
https://notcve.org/view.php?id=CVE-2019-10210
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file. El instalador de Postgresql Windows anterior a las versiones 11.5, 10.10, 9.6.15, 9.5.19 y 9.4.24, es vulnerable por medio de un superusuario al escribir una contraseña en un archivo temporal desprotegido. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10210 https://www.postgresql.org/about/news/1960 • CWE-522: Insufficiently Protected Credentials •
CVE-2019-10208 – postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution
https://notcve.org/view.php?id=CVE-2019-10208
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. Se descubrió un fallo en postgresql versiones 9.4.x en versiones anteriores a la 9.4.24, versiones 9.5.x en versiones anteriores a la 9.5.19, versiones 9.6.x en versiones anteriores a la 9.6.15, versiones 10.x en versiones anteriores a la 10.10 y versiones 11.x en versiones anteriores a la 11.5 donde pueden ser ejecutadas sentencias SQL arbitrarias dada una función SECURITY DEFINER adecuada. Un atacante, con permiso EXECUTE sobre la función, puede ejecutar código SQL arbitrario como propietario de la función. A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208 https://www.postgresql.org/about/news/1960 https://access.redhat.com/security/cve/CVE-2019-10208 https://bugzilla.redhat.com/show_bug.cgi?id=1734416 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2019-10130 – postgresql: Selectivity estimators bypass row security policies
https://notcve.org/view.php?id=CVE-2019-10130
A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130 https://security.gentoo.org/glsa/202003-03 https://www.postgresql.org/about/news/1939 https://access.redhat.com/security/cve/CVE-2019-10130 https://bugzilla.redhat.com/show_bug.cgi?id=1707109 • CWE-284: Improper Access Control •
CVE-2019-9193 – PostgreSQL 9.3 - COPY FROM PROGRAM Command Execution
https://notcve.org/view.php?id=CVE-2019-9193
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’. ** EN DISPUTA ** En PostgreSQL 9.3 a 11.2, la función "COPIAR HACIA / DESDE EL PROGRAMA" permite a los superusuarios y usuarios en el grupo 'pg_execute_server_program' ejecutar código arbitrario en el contexto del usuario del sistema operativo de la base de datos. Esta funcionalidad está habilitada de manera predeterminada y se puede abusar para ejecutar comandos arbitrarios del sistema operativo en Windows, Linux y macOS. • https://www.exploit-db.com/exploits/46813 https://github.com/b4keSn4ke/CVE-2019-9193 https://github.com/paulotrindadec/CVE-2019-9193 https://github.com/chromanite/CVE-2019-9193-PostgreSQL-9.3-11.7 http://packetstormsecurity.com/files/152757/PostgreSQL-COPY-FROM-PROGRAM-Command-Execution.html http://packetstormsecurity.com/files/166540/PostgreSQL-11.7-Remote-Code-Execution.html http://packetstormsecurity.com/files/171722/PostgreSQL-9.6.1-Remote-Code-Execution.html https://blog.hagander.net/when-a • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2018-10925 – postgresql: Missing authorization and memory disclosure in INSERT ... ON CONFLICT DO UPDATE statements
https://notcve.org/view.php?id=CVE-2018-10925
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table. Se ha descubierto que las versiones anteriores a la 10.5, 9.6.10, 9.5.14, 9.4.19 y 9.3.24 de PostgreSQL no comprobaron correctamente la autorización de ciertas instrucciones relacionadas con "INSERT ... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html http://www.securityfocus.com/bid/105052 http://www.securitytracker.com/id/1041446 https://access.redhat.com/errata/RHSA-2018:2511 https://access.redhat.com/errata/RHSA-2018:2565 https://access.redhat.com/errata/RHSA-2018:2566 https://access.redhat.com/errata/RHSA-2018:3816 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925 https://security.gentoo.org/glsa/201810-08 https://usn.ubuntu.com/ • CWE-863: Incorrect Authorization •