CVE-2017-14798 – local privilege escalation in SUSE postgresql init script
https://notcve.org/view.php?id=CVE-2017-14798
01 Mar 2018 — A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root. PostgreSQL version 9.4-0.5.3 suffers from a privilege escalation vulnerability. • https://packetstorm.news/files/id/148884 • CWE-61: UNIX Symbolic Link (Symlink) Following • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2018-1052
https://notcve.org/view.php?id=CVE-2018-1052
09 Feb 2018 — Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table. • http://www.securityfocus.com/bid/102987 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-1053 – postgresql: pg_upgrade creates file of sensitive metadata under prevailing umask
https://notcve.org/view.php?id=CVE-2018-1053
09 Feb 2018 — In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a... • http://www.securityfocus.com/bid/102986 • CWE-377: Insecure Temporary File • CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2017-12172 – postgresql: Start scripts permit database administrator to modify root-owned files
https://notcve.org/view.php?id=CVE-2017-12172
22 Nov 2017 — PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file... • http://www.securityfocus.com/bid/101949 • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2017-15098 – postgresql: Memory disclosure in JSON functions
https://notcve.org/view.php?id=CVE-2017-15098
09 Nov 2017 — Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory. • http://www.securityfocus.com/bid/101781 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-15099 – postgresql: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges
https://notcve.org/view.php?id=CVE-2017-15099
09 Nov 2017 — INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege. • https://github.com/ToontjeM/CVE-2017-15099 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-7546 – postgresql: Empty password accepted in some authentication methods
https://notcve.org/view.php?id=CVE-2017-7546
10 Aug 2017 — PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password. It was found that authenticating to a PostgreSQL database account with an... • http://www.debian.org/security/2017/dsa-3935 • CWE-287: Improper Authentication
CVE-2017-7547 – postgresql: pg_user_mappings view discloses passwords to users lacking server privileges
https://notcve.org/view.php?id=CVE-2017-7547
10 Aug 2017 — PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so. • http://www.debian.org/security/2017/dsa-3935 • CWE-522: Insufficiently Protected Credentials
CVE-2017-7548 – postgresql: lo_put() function ignores ACLs
https://notcve.org/view.php?id=CVE-2017-7548
10 Aug 2017 — PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service. • http://www.debian.org/security/2017/dsa-3935 • CWE-862: Missing Authorization
CVE-2017-7485 – postgresql: libpq ignores PGREQUIRESSL environment variable
https://notcve.org/view.php?id=CVE-2017-7485
12 May 2017 — In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing an SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. • http://www.debian.org/security/2017/dsa-3851 • CWE-311: Missing Encryption of Sensitive Data • CWE-390: Detection of Error Condition Without Action