- Added submissions from Red Hat for PostgreSQL from 2018-02-09.

CVE Team 2018-02-09 08:06:12 -05:00
parent e7d47e60bd
commit 455c85dbb6
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
2 changed files with 104 additions and 6 deletions


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "secalert@redhat.com",
"DATE_PUBLIC" : "2018-02-08T00:00:00",
"ID" : "CVE-2018-1052",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "postgresql",
"version" : {
"version_data" : [
{
"version_value" : "10.x before 10.2"
}
]
}
}
]
},
"vendor_name" : "The PostgreSQL Global Development Group"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.postgresql.org/about/news/1829/"
}
]
}
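Review bot: The affected range on the new `version_value` line is free text (`"10.x before 10.2"`), so a scanner cannot compare it with an installed version without parsing prose; the five ranges added in the CVE-2018-1053 section have the same form. If the schema revision in use accepts it, carry the upper bound as a separate field, e.g. `"version_affected" : "<", "version_value" : "10.2"`, and leave the "10.x" lower bound to the description. The new `DATE_PUBLIC` value `2018-02-08T00:00:00` also has no UTC offset in both sections; `2018-02-08T00:00:00Z` would remove the guesswork if midnight UTC is what is meant.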


@ -1,8 +1,44 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "secalert@redhat.com",
"DATE_PUBLIC" : "2018-02-08T00:00:00",
"ID" : "CVE-2018-1053",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "postgresql",
"version" : {
"version_data" : [
{
"version_value" : "9.3.x before 9.3.21"
},
{
"version_value" : "9.4.x before 9.4.16"
},
{
"version_value" : "9.5.x before 9.5.11"
},
{
"version_value" : "9.6.x before 9.6.7"
},
{
"version_value" : "10.x before 10.2"
}
]
}
}
]
},
"vendor_name" : "The PostgreSQL Global Development Group"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +47,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-377"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.postgresql.org/about/news/1829/"
}
]
}
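Review bot: The new description for CVE-2018-1053 gives the mitigating conditions only as reasons the attack fails (a directory mode that blocks searching, a restrictive umask), not as an action for operators who cannot upgrade immediately. A closing sentence such as `Running pg_upgrade with umask 077 from a directory that other users cannot search avoids the exposure.` would make the workaround explicit. The record also leaves triage to the prose: `problemtype` carries a bare identifier and the only reference is the release announcement shared with CVE-2018-1052. Writing the value with its name, `"value" : "CWE-377: Insecure Temporary File"`, would help readers who do not have the CWE list at hand.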