SUSE CVE-2019-10129
A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. Exploit prerequisites...
Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere
Summary IBM Robotic Process Automation with Automation Anywhere is vulnerable to attacks involving PostgreSQL. Vulnerability Details CVEID: CVE-2019-10130 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation by th...
PostgreSQL 11.x < 11.3 Memory Disclosure Vulnerability - Linux
PostgreSQL is prone to a memory disclosure vulnerability in the partition routing. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
PostgreSQL 11.x < 11.3 Memory Disclosure Vulnerability - Windows
PostgreSQL is prone to a memory disclosure vulnerability in the partition routing...
CVE-2019-10129
CVE-2019-10129 affects PostgreSQL 11.x before 11.3. An attacker can read arbitrary bytes of server memory by using a crafted INSERT into a partitioned table; in default config, any user can create such a partitioned table. The connected documents indicate a remediation: upgrading to PostgreSQL 11...
Fedora 30 : libpq / postgresql (2019-9f04a701c0)
New upstream release 11.4 Per release notes: https://www.postgresql.org/docs/11/release-11-4.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...
Updated postgresql packages fix security vulnerabilities
Updated postgresql packages fix security vulnerabilities CVE-2019-10129: Memory disclosure in partition routing Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table. CVE-2019-10130:...
MGASA-2019-0189 Updated postgresql packages fix security vulnerabilities
Updated postgresql packages fix security vulnerabilities CVE-2019-10129: Memory disclosure in partition routing Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table. CVE-2019-10130:...
PostgreSQL 9.4.x < 9.4.22 / 9.5.x < 9.5.17 / 9.6.x < 9.6.13 / 10.x < 10.8 / 11.x < 11.3 Multiple vulnerabilities
The version of PostgreSQL installed on the remote host is 9.4.x prior to 9.4.22, 9.5.x prior to 9.5.17, 9.6.x prior to 9.6.13, 10.x prior to 10.8, or 11.x prior to 11.3. It is, therefore, affected by multiple vulnerabilities. - A remote code execution vulnerability exists in both, the BigSQL and...
Ubuntu: Security Advisory (USN-3972-1)
The remote host is missing an update for the...
Security fix for the ALT Linux 8 package postgresql11 version 11.3-alt0.M80P.1
11.3-alt0.M80P.1 built May 14, 2019 Alexei Takaseev in task 229145 May 9, 2019 Alexei Takaseev - 11.3 - Fixes CVE-2019-10129, CVE-2019-10130...
Ubuntu 16.04 LTS / 18.04 LTS : PostgreSQL vulnerabilities (USN-3972-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3972-1 advisory. It was discovered that PostgreSQL incorrectly handled partition routing. A remote user could possibly use this issue to read arbitrary bytes ...
USN-3972-1: PostgreSQL vulnerabilities
It was discovered that PostgreSQL incorrectly handled partition routing. A remote user could possibly use this issue to read arbitrary bytes of server memory. This issue only affected Ubuntu 19.04. CVE-2019-10129 Dean Rasheed discovered that PostgreSQL incorrectly handled selectivity estimators. ...
CVE-2019-10129
Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. Exploit prerequisites are the same as for CVE-2018-1052...
FreeBSD : PostgreSQL -- Memory disclosure in partition routing (e66a5440-7258-11e9-b0e1-6cc21735f730)
The PostgreSQL project reports: Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
KLA11572 Multiple vulnerabilities in PostgreSQL
Multiple vulnerabilities were found in PostgreSQL. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A vulnerability in PostgreSQL can be exploited via reading th...
Security fix for the ALT Linux 8 package postgresql12 version 11.3-alt0.M80P.1
May 9, 2019 Alexei Takaseev 11.3-alt0.M80P.1 - 11.3 - Fixes CVE-2019-10129, CVE-2019-10130...
Security fix for the ALT Linux 10 package postgresql13 version 11.3-alt1
May 8, 2019 Alexei Takaseev 11.3-alt1 - 11.3 - Fixes CVE-2019-10129, CVE-2019-10130...
Security fix for the ALT Linux 10 package postgresql14 version 11.3-alt1
May 8, 2019 Alexei Takaseev 11.3-alt1 - 11.3 - Fixes CVE-2019-10129, CVE-2019-10130...
Security fix for the ALT Linux 9 package postgresql12 version 11.3-alt1
May 8, 2019 Alexei Takaseev 11.3-alt1 - 11.3 - Fixes CVE-2019-10129, CVE-2019-10130...