var-201907-1315
Vulnerability from variot

A vulnerability was found in PostgreSQL versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052). PostgreSQL contains an information disclosure vulnerability. Information may be obtained. PostgreSQL is a free object-relational database management system from the PostgreSQL project. The system supports most SQL standards and provides many other features, such as foreign keys, triggers, views, and more. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.

Gentoo Linux Security Advisory GLSA 202003-03

https://security.gentoo.org/

Severity: Normal
Title: PostgreSQL: Multiple vulnerabilities
Date: March 12, 2020
Bugs: #685846, #688420, #709708
ID: 202003-03


Synopsis

Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in the execution of arbitrary code.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  dev-db/postgresql          < 9.4.26:9.4            >= 9.4.26:9.4
                                < 9.5.21:9.5            >= 9.5.21:9.5
                                < 9.6.17:9.6            >= 9.6.17:9.6
                                 < 10.12:10               >= 10.12:10
                                 < 11.7:11                 >= 11.7:11
                                 < 12.2:12                 >= 12.2:12

Description

Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could possibly execute arbitrary code with the privileges of the process, bypass certain client-side connection security features, read arbitrary server memory, alter certain data or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All PostgreSQL 9.4.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.4.26:9.4"

All PostgreSQL 9.5.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.5.21:9.5"

All PostgreSQL 9.6.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.6.17:9.6"

All PostgreSQL 10.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-10.12:10"

All PostgreSQL 11.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-11.7:11"

All PostgreSQL 12.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-12.2:12"

References

[ 1 ] CVE-2019-10129 https://nvd.nist.gov/vuln/detail/CVE-2019-10129
[ 2 ] CVE-2019-10130 https://nvd.nist.gov/vuln/detail/CVE-2019-10130
[ 3 ] CVE-2019-10164 https://nvd.nist.gov/vuln/detail/CVE-2019-10164
[ 4 ] CVE-2020-1720 https://nvd.nist.gov/vuln/detail/CVE-2020-1720

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202003-03

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

==========================================================================
Ubuntu Security Notice USN-3972-1
May 13, 2019

postgresql-10, postgresql-11, postgresql-9.5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in PostgreSQL. This issue only affected Ubuntu 19.04. (CVE-2019-10129)

Dean Rasheed discovered that PostgreSQL incorrectly handled selectivity estimators. A remote attacker could possibly use this issue to bypass row security policies. (CVE-2019-10130)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04: postgresql-11 11.3-0ubuntu0.19.04.1

Ubuntu 18.10: postgresql-10 10.8-0ubuntu0.18.10.1

Ubuntu 18.04 LTS: postgresql-10 10.8-0ubuntu0.18.04.1

Ubuntu 16.04 LTS: postgresql-9.5 9.5.17-0ubuntu0.16.04.1

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes.

References:
  https://usn.ubuntu.com/usn/usn-3972-1
  CVE-2019-10129, CVE-2019-10130

Package Information:
  https://launchpad.net/ubuntu/+source/postgresql-11/11.3-0ubuntu0.19.04.1
  https://launchpad.net/ubuntu/+source/postgresql-10/10.8-0ubuntu0.18.10.1
  https://launchpad.net/ubuntu/+source/postgresql-10/10.8-0ubuntu0.18.04.1
  https://launchpad.net/ubuntu/+source/postgresql-9.5/9.5.17-0ubuntu0.16.04.1



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201907-1315",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "postgresql",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "postgresql",
        "version": "11.0"
      },
      {
        "model": "postgresql",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "postgresql",
        "version": "11.3"
      },
      {
        "model": "postgresql",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "postgresql",
        "version": "11.x"
      },
      {
        "model": "postgresql",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "postgresql",
        "version": "11.3"
      },
      {
        "model": "postgresql",
        "scope": null,
        "trust": 0.6,
        "vendor": "postgresql",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "19.04"
      },
      {
        "model": "postgresql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "postgresql",
        "version": "11.2"
      },
      {
        "model": "postgresql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "postgresql",
        "version": "11.1"
      },
      {
        "model": "postgresql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "postgresql",
        "version": "11"
      },
      {
        "model": "postgresql",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "postgresql",
        "version": "11.3"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16482"
      },
      {
        "db": "BID",
        "id": "108506"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007133"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10129"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.3",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-10129"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ubuntu,Noah Misch and the PostgreSQL Project.,Gentoo",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-333"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-10129",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-10129",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-16482",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "secalert@redhat.com",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-10129",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-10129",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "secalert@redhat.com",
            "id": "CVE-2019-10129",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-16482",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-333",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-10129",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16482"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10129"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007133"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10129"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10129"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-333"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052). postgresql Contains an information disclosure vulnerability.Information may be obtained. PostgreSQL is a set of free object relational database management system organized by PostgreSQL. The system supports most SQL standards and provides many other features, such as foreign keys, triggers, views, and more. \nSuccessful exploits will allow attackers to obtain sensitive information that may aid in further attacks. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202003-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: PostgreSQL: Multiple vulnerabilities\n     Date: March 12, 2020\n     Bugs: #685846, #688420, #709708\n       ID: 202003-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PostgreSQL, the worst of\nwhich could result in the execution of arbitrary code. 
\n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-db/postgresql          \u003c 9.4.26:9.4            \u003e= 9.4.26:9.4\n                                \u003c 9.5.21:9.5            \u003e= 9.5.21:9.5\n                                \u003c 9.6.17:9.6            \u003e= 9.6.17:9.6\n                                 \u003c 10.12:10               \u003e= 10.12:10\n                                 \u003c 11.7:11                 \u003e= 11.7:11\n                                 \u003c 12.2:12                 \u003e= 12.2:12\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in PostgreSQL. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, bypass certain client-side connection\nsecurity features, read arbitrary server memory, alter certain data or\ncause a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll PostgreSQL 9.4.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-db/postgresql-9.4.26:9.4\"\n\nAll PostgreSQL 9.5.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-db/postgresql-9.5.21:9.5\"\n\nAll PostgreSQL 9.6.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-db/postgresql-9.6.17:9.6\"\n\nAll PostgreSQL 10.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-db/postgresql-10.12:10\"\n\nAll PostgreSQL 11.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-db/postgresql-11.7:11\"\n\nAll PostgreSQL 12.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-db/postgresql-12.2:12\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-10129\n      https://nvd.nist.gov/vuln/detail/CVE-2019-10129\n[ 2 ] CVE-2019-10130\n      https://nvd.nist.gov/vuln/detail/CVE-2019-10130\n[ 3 ] CVE-2019-10164\n      https://nvd.nist.gov/vuln/detail/CVE-2019-10164\n[ 4 ] CVE-2020-1720\n      https://nvd.nist.gov/vuln/detail/CVE-2020-1720\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202003-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). 
\n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-3972-1\nMay 13, 2019\n\npostgresql-10, postgresql-11, postgresql-9.5 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.04\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PostgreSQL. This issue only affected Ubuntu 19.04. (CVE-2019-10129)\n\nDean Rasheed discovered that PostgreSQL incorrectly handled selectivity\nestimators. A remote attacker could possibly use this issue to bypass row\nsecurity policies. (CVE-2019-10130)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 19.04:\n  postgresql-11                   11.3-0ubuntu0.19.04.1\n\nUbuntu 18.10:\n  postgresql-10                   10.8-0ubuntu0.18.10.1\n\nUbuntu 18.04 LTS:\n  postgresql-10                   10.8-0ubuntu0.18.04.1\n\nUbuntu 16.04 LTS:\n  postgresql-9.5                  9.5.17-0ubuntu0.16.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart PostgreSQL to\nmake all the necessary changes. \n\nReferences:\n  https://usn.ubuntu.com/usn/usn-3972-1\n  CVE-2019-10129, CVE-2019-10130\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/postgresql-11/11.3-0ubuntu0.19.04.1\n  https://launchpad.net/ubuntu/+source/postgresql-10/10.8-0ubuntu0.18.10.1\n  https://launchpad.net/ubuntu/+source/postgresql-10/10.8-0ubuntu0.18.04.1\n  https://launchpad.net/ubuntu/+source/postgresql-9.5/9.5.17-0ubuntu0.16.04.1\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-10129"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007133"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-16482"
      },
      {
        "db": "BID",
        "id": "108506"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10129"
      },
      {
        "db": "PACKETSTORM",
        "id": "156711"
      },
      {
        "db": "PACKETSTORM",
        "id": "152824"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-10129",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "108506",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007133",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "156711",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "152824",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-16482",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1681",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1668",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-333",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10129",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16482"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10129"
      },
      {
        "db": "BID",
        "id": "108506"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007133"
      },
      {
        "db": "PACKETSTORM",
        "id": "156711"
      },
      {
        "db": "PACKETSTORM",
        "id": "152824"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10129"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-333"
      }
    ]
  },
  "id": "VAR-201907-1315",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16482"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16482"
      }
    ]
  },
  "last_update_date": "2023-12-18T11:30:15.514000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "PostgreSQL 11.3, 10.8, 9.6.13, 9.5.17, and 9.4.22 Released!",
        "trust": 0.8,
        "url": "https://www.postgresql.org/about/news/1939/"
      },
      {
        "title": "Patch for PostgreSQL Memory Leak Vulnerability (CNVD-2019-16482)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/162925"
      },
      {
        "title": "PostgreSQL Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92497"
      },
      {
        "title": "Ubuntu Security Notice: postgresql-10, postgresql-11, postgresql-9.5 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3972-1"
      },
      {
        "title": "PostgreSQL CVE: CVE-2019-10129",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=postgresql_cve\u0026qid=43abd0671e28c0d36ed09da2aa374848"
      },
      {
        "title": "PostgreSQL Security Announcements: PostgreSQL 11.3, 10.8, 9.6.13, 9.5.17, and 9.4.22 Released!",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=postgresql_security_announcements\u0026qid=c32b14b98b9f434476d955dd6620c592"
      },
      {
        "title": "PostgreSQL Security Announcements: PostgreSQL 11.3, 10.8, 9.6.13, 9.5.17, and 9.4.22 Released!",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=postgresql_security_announcements\u0026qid=277a6808e8230bde486f1f85b16bfac2"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2019-10129 "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16482"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10129"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007133"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-333"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007133"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10129"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "https://www.postgresql.org/about/news/1939/"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/202003-03"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-10129"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10129"
      },
      {
        "trust": 0.9,
        "url": "https://www.postgresql.org/docs/11/release-11-3.html"
      },
      {
        "trust": 0.9,
        "url": "https://usn.ubuntu.com/3972-1"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10129"
      },
      {
        "trust": 0.7,
        "url": "https://usn.ubuntu.com/3972-1/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/80718"
      },
      {
        "trust": 0.6,
        "url": "https://www.securityfocus.com/bid/108506"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/80770"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-postgresql-vulnerabilities-in-ibm-robotic-process-automation-with-automation-anywhere/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152824/ubuntu-security-notice-usn-3972-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/156711/gentoo-linux-security-advisory-202003-03.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10130"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/125.html"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=60168"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.postgresql.org/support/security/cve-2019-10129/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1720"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10164"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/usn/usn-3972-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/postgresql-10/10.8-0ubuntu0.18.10.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/postgresql-11/11.3-0ubuntu0.19.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/postgresql-10/10.8-0ubuntu0.18.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/postgresql-9.5/9.5.17-0ubuntu0.16.04.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16482"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10129"
      },
      {
        "db": "BID",
        "id": "108506"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007133"
      },
      {
        "db": "PACKETSTORM",
        "id": "156711"
      },
      {
        "db": "PACKETSTORM",
        "id": "152824"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10129"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-333"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16482"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10129"
      },
      {
        "db": "BID",
        "id": "108506"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007133"
      },
      {
        "db": "PACKETSTORM",
        "id": "156711"
      },
      {
        "db": "PACKETSTORM",
        "id": "152824"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10129"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-333"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-16482"
      },
      {
        "date": "2019-07-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-10129"
      },
      {
        "date": "2019-05-09T00:00:00",
        "db": "BID",
        "id": "108506"
      },
      {
        "date": "2019-08-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-007133"
      },
      {
        "date": "2020-03-13T14:56:18",
        "db": "PACKETSTORM",
        "id": "156711"
      },
      {
        "date": "2019-05-13T15:14:37",
        "db": "PACKETSTORM",
        "id": "152824"
      },
      {
        "date": "2019-07-30T17:15:12.263000",
        "db": "NVD",
        "id": "CVE-2019-10129"
      },
      {
        "date": "2019-05-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-333"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-16482"
      },
      {
        "date": "2023-02-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-10129"
      },
      {
        "date": "2019-05-09T00:00:00",
        "db": "BID",
        "id": "108506"
      },
      {
        "date": "2019-08-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-007133"
      },
      {
        "date": "2023-02-03T14:26:40.660000",
        "db": "NVD",
        "id": "CVE-2019-10129"
      },
      {
        "date": "2020-12-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-333"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "152824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-333"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "postgresql Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007133"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-333"
      }
    ],
    "trust": 0.6
  }
}

