what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2018-10925

Status Candidate

Overview

It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.

Related Files

Red Hat Security Advisory 2018-3816-01
Posted Dec 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3816-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include memory disclosure and client-side security problems.

tags | advisory, web, ruby
systems | linux, redhat
advisories | CVE-2018-1053, CVE-2018-1058, CVE-2018-10915, CVE-2018-10925
SHA-256 | 5babb9742f0b837b18016ae6e3fd236587c37fab6420f152508b801587269e6c
Download | Favorite | View
Gentoo Linux Security Advisory 201810-08
Posted Oct 31, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201810-8 - Multiple vulnerabilities have been found in PostgreSQL, the worst which could lead to privilege escalation. Versions less than 10.5 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2018-10915, CVE-2018-10925, CVE-2018-1115
SHA-256 | debe17bd797552196004c1bd035d68c747b8acf9c1fd29e8fcd59615fb655e2c
Download | Favorite | View
Red Hat Security Advisory 2018-2566-01
Posted Aug 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2566-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include a client-side security defense vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-15098, CVE-2017-15099, CVE-2018-1053, CVE-2018-1058, CVE-2018-10915, CVE-2018-10925, CVE-2018-1115
SHA-256 | 649f115a5ba63c8d907307cbe47bfc473e9c62f89295c50c0d2cf506f40c295d
Download | Favorite | View
Red Hat Security Advisory 2018-2565-01
Posted Aug 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2565-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include client-side defense vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2018-10915, CVE-2018-10925, CVE-2018-1115
SHA-256 | 465541ea0c3b67ecdb7640e1849255b472b52b1d12a055c7a628fbee5ef23dc5
Download | Favorite | View
Red Hat Security Advisory 2018-2511-01
Posted Aug 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2511-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include a memory disclosure vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-15098, CVE-2017-15099, CVE-2018-1053, CVE-2018-1058, CVE-2018-10915, CVE-2018-10925
SHA-256 | 4ca4c3db9cbd55205ea2c05acb3d63b066329838d8eabd3c12d93281db527f5f
Download | Favorite | View
Ubuntu Security Notice USN-3744-1
Posted Aug 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3744-1 - Andrew Krasichkov discovered that the PostgreSQL client library incorrectly reset its internal state between connections. A remote attacker could possibly use this issue to bypass certain client-side connection security features. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PostgreSQL incorrectly checked authorization on certain statements. A remote attacker could possibly use this issue to read arbitrary server memory or alter certain data. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-10915, CVE-2018-10925
SHA-256 | 10c7a46516045ae2ad89d98e1e273b9ca69727a9da14ccba89173432684540ae
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close