Lucene search

[email protected]NVD:CVE-2010-1975

HistoryMay 19, 2010 - 6:30 p.m.

CVE-2010-1975

2010-05-1918:30:03

CWE-264

[email protected]

web.nvd.nist.gov

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.6%

JSON

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.

Affected configurations

NVD

Node

postgresqlpostgresqlMatch7.4

postgresqlpostgresqlMatch7.4.1

postgresqlpostgresqlMatch7.4.2

postgresqlpostgresqlMatch7.4.3

postgresqlpostgresqlMatch7.4.4

postgresqlpostgresqlMatch7.4.5

postgresqlpostgresqlMatch7.4.6

postgresqlpostgresqlMatch7.4.7

postgresqlpostgresqlMatch7.4.8

postgresqlpostgresqlMatch7.4.9

postgresqlpostgresqlMatch7.4.10

postgresqlpostgresqlMatch7.4.11

postgresqlpostgresqlMatch7.4.12

postgresqlpostgresqlMatch7.4.13

postgresqlpostgresqlMatch7.4.14

postgresqlpostgresqlMatch7.4.15

postgresqlpostgresqlMatch7.4.16

postgresqlpostgresqlMatch7.4.17

postgresqlpostgresqlMatch7.4.18

postgresqlpostgresqlMatch7.4.19

postgresqlpostgresqlMatch7.4.20

postgresqlpostgresqlMatch7.4.21

postgresqlpostgresqlMatch7.4.22

postgresqlpostgresqlMatch7.4.23

postgresqlpostgresqlMatch7.4.24

postgresqlpostgresqlMatch7.4.25

postgresqlpostgresqlMatch7.4.26

postgresqlpostgresqlMatch7.4.27

postgresqlpostgresqlMatch7.4.28

Node

postgresqlpostgresqlMatch8.0

postgresqlpostgresqlMatch8.0.0

postgresqlpostgresqlMatch8.0.1

postgresqlpostgresqlMatch8.0.2

postgresqlpostgresqlMatch8.0.3

postgresqlpostgresqlMatch8.0.4

postgresqlpostgresqlMatch8.0.5

postgresqlpostgresqlMatch8.0.6

postgresqlpostgresqlMatch8.0.7

postgresqlpostgresqlMatch8.0.8

postgresqlpostgresqlMatch8.0.9

postgresqlpostgresqlMatch8.0.10

postgresqlpostgresqlMatch8.0.11

postgresqlpostgresqlMatch8.0.12

postgresqlpostgresqlMatch8.0.13

postgresqlpostgresqlMatch8.0.14

postgresqlpostgresqlMatch8.0.15

postgresqlpostgresqlMatch8.0.16

postgresqlpostgresqlMatch8.0.17

postgresqlpostgresqlMatch8.0.18

postgresqlpostgresqlMatch8.0.19

postgresqlpostgresqlMatch8.0.20

postgresqlpostgresqlMatch8.0.21

postgresqlpostgresqlMatch8.0.22

postgresqlpostgresqlMatch8.0.23

postgresqlpostgresqlMatch8.0.24

Node

postgresqlpostgresqlMatch8.1

postgresqlpostgresqlMatch8.1.0

postgresqlpostgresqlMatch8.1.1

postgresqlpostgresqlMatch8.1.2

postgresqlpostgresqlMatch8.1.3

postgresqlpostgresqlMatch8.1.4

postgresqlpostgresqlMatch8.1.5

postgresqlpostgresqlMatch8.1.6

postgresqlpostgresqlMatch8.1.7

postgresqlpostgresqlMatch8.1.8

postgresqlpostgresqlMatch8.1.9

postgresqlpostgresqlMatch8.1.10

postgresqlpostgresqlMatch8.1.11

postgresqlpostgresqlMatch8.1.12

postgresqlpostgresqlMatch8.1.13

postgresqlpostgresqlMatch8.1.14

postgresqlpostgresqlMatch8.1.15

postgresqlpostgresqlMatch8.1.16

postgresqlpostgresqlMatch8.1.17

postgresqlpostgresqlMatch8.1.18

postgresqlpostgresqlMatch8.1.19

postgresqlpostgresqlMatch8.1.20

Node

postgresqlpostgresqlMatch8.2

postgresqlpostgresqlMatch8.2.1

postgresqlpostgresqlMatch8.2.2

postgresqlpostgresqlMatch8.2.3

postgresqlpostgresqlMatch8.2.4

postgresqlpostgresqlMatch8.2.5

postgresqlpostgresqlMatch8.2.6

postgresqlpostgresqlMatch8.2.7

postgresqlpostgresqlMatch8.2.8

postgresqlpostgresqlMatch8.2.9

postgresqlpostgresqlMatch8.2.10

postgresqlpostgresqlMatch8.2.11

postgresqlpostgresqlMatch8.2.12

postgresqlpostgresqlMatch8.2.13

postgresqlpostgresqlMatch8.2.14

postgresqlpostgresqlMatch8.2.15

postgresqlpostgresqlMatch8.2.16

Node

postgresqlpostgresqlMatch8.3

postgresqlpostgresqlMatch8.3.1

postgresqlpostgresqlMatch8.3.2

postgresqlpostgresqlMatch8.3.3

postgresqlpostgresqlMatch8.3.4

postgresqlpostgresqlMatch8.3.5

postgresqlpostgresqlMatch8.3.6

postgresqlpostgresqlMatch8.3.7

postgresqlpostgresqlMatch8.3.8

postgresqlpostgresqlMatch8.3.9

postgresqlpostgresqlMatch8.3.10

Node

postgresqlpostgresqlMatch8.4

postgresqlpostgresqlMatch8.4.1

postgresqlpostgresqlMatch8.4.2

postgresqlpostgresqlMatch8.4.3

Node

postgresqlpostgresqlMatch9.0.0beta1

References

lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

marc.info/?l=bugtraq&m=134124585221119&w=2

secunia.com/advisories/39939

www.debian.org/security/2010/dsa-2051

www.mandriva.com/security/advisories?name=MDVSA-2010:103

www.postgresql.org/docs/current/static/release-7-4-29.html

www.postgresql.org/docs/current/static/release-8-0-25.html

www.postgresql.org/docs/current/static/release-8-1-21.html

www.postgresql.org/docs/current/static/release-8-2-17.html

www.postgresql.org/docs/current/static/release-8-3-11.html

www.postgresql.org/docs/current/static/release-8-4-4.html

www.securityfocus.com/bid/40304

www.vupen.com/english/advisories/2010/1207

www.vupen.com/english/advisories/2010/1221

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11004

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.6%

JSON

Related for NVD:CVE-2010-1975

openvas12 seebug1 cve1 veracode1 prion1 postgresql1 cvelist1 ubuntucve1 centos3 redhat3 debian3 nessus19 ubuntu1 oraclelinux3 osv1 gentoo1