Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-10130 (GCVE-0-2019-10130)
Vulnerability from cvelistv5 – Published: 2019-07-30 16:13 – Updated: 2024-08-04 22:10
VLAI?
EPSS
Summary
A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.
Severity ?
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.postgresql.org/about/news/1939/ | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/202003-03 | vendor-advisoryx_refsource_GENTOO |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PostgreSQL Project | postgresql |
Affected:
11.x up to, excluding 11.3
Affected: 10.x up to, excluding 10.8 Affected: 9.6.x up to, excluding 9.6.13 Affected: 9.5.x up to, excluding 9.5.17 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.postgresql.org/about/news/1939/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130"
},
{
"name": "GLSA-202003-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-03"
},
{
"name": "openSUSE-SU-2020:1227",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "postgresql",
"vendor": "PostgreSQL Project",
"versions": [
{
"status": "affected",
"version": "11.x up to, excluding 11.3"
},
{
"status": "affected",
"version": "10.x up to, excluding 10.8"
},
{
"status": "affected",
"version": "9.6.x up to, excluding 9.6.13"
},
{
"status": "affected",
"version": "9.5.x up to, excluding 9.5.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-17T17:06:14.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.postgresql.org/about/news/1939/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130"
},
{
"name": "GLSA-202003-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-03"
},
{
"name": "openSUSE-SU-2020:1227",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "postgresql",
"version": {
"version_data": [
{
"version_value": "11.x up to, excluding 11.3"
},
{
"version_value": "10.x up to, excluding 10.8"
},
{
"version_value": "9.6.x up to, excluding 9.6.13"
},
{
"version_value": "9.5.x up to, excluding 9.5.17"
}
]
}
}
]
},
"vendor_name": "PostgreSQL Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.postgresql.org/about/news/1939/",
"refsource": "MISC",
"url": "https://www.postgresql.org/about/news/1939/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130"
},
{
"name": "GLSA-202003-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-03"
},
{
"name": "openSUSE-SU-2020:1227",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10130",
"datePublished": "2019-07-30T16:13:46.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:10:09.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-10130",
"date": "2026-05-19",
"epss": "0.00194",
"percentile": "0.40987"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.5.0\", \"versionEndExcluding\": \"9.5.17\", \"matchCriteriaId\": \"CF3CD018-B236-4A51-949A-C3DD43ACFFD6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.6.0\", \"versionEndExcluding\": \"9.6.13\", \"matchCriteriaId\": \"E6604DFE-F731-4D9D-A4C6-526915CF8D8D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.0\", \"versionEndExcluding\": \"10.8\", \"matchCriteriaId\": \"6E17C23A-8BF7-4799-8EEE-0A851FC9EC13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0\", \"versionEndExcluding\": \"11.3\", \"matchCriteriaId\": \"588922E6-6F1E-4219-ADB3-F9E8696E03F8\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 una vulnerabilidad en PostgreSQL versiones 11.x hasta 11.3 excluy\\u00e9ndola, versiones 10.x hasta 10.8 excluy\\u00e9ndola, versiones 9.6.x hasta 9.6.13 excluy\\u00e9ndola, versiones 9.5.x hasta 9.5.17 excluy\\u00e9ndola. PostgreSQL mantiene estad\\u00edsticas de columna para tablas. Ciertas estad\\u00edsticas, como los histogramas y las listas de valores m\\u00e1s comunes, contienen valores tomados de la columna. PostgreSQL no eval\\u00faa las pol\\u00edticas de seguridad de fila antes de consultar esas estad\\u00edsticas durante la planificaci\\u00f3n de la consulta; un atacante puede explotar esto para leer los valores m\\u00e1s comunes de ciertas columnas. Las columnas afectadas son aquellas para las cuales el atacante tiene privilegio SELECT y para las cuales, en una consulta ordinaria, la seguridad a nivel de fila elimina el conjunto de filas visibles para el atacante.\"}]",
"id": "CVE-2019-10130",
"lastModified": "2024-11-21T04:18:28.707",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}], \"cvssMetricV30\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 3.1, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-07-30T17:15:12.327",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-03\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.postgresql.org/about/news/1939/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-03\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.postgresql.org/about/news/1939/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-10130\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2019-07-30T17:15:12.327\",\"lastModified\":\"2024-11-21T04:18:28.707\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 una vulnerabilidad en PostgreSQL versiones 11.x hasta 11.3 excluy\u00e9ndola, versiones 10.x hasta 10.8 excluy\u00e9ndola, versiones 9.6.x hasta 9.6.13 excluy\u00e9ndola, versiones 9.5.x hasta 9.5.17 excluy\u00e9ndola. PostgreSQL mantiene estad\u00edsticas de columna para tablas. Ciertas estad\u00edsticas, como los histogramas y las listas de valores m\u00e1s comunes, contienen valores tomados de la columna. PostgreSQL no eval\u00faa las pol\u00edticas de seguridad de fila antes de consultar esas estad\u00edsticas durante la planificaci\u00f3n de la consulta; un atacante puede explotar esto para leer los valores m\u00e1s comunes de ciertas columnas. Las columnas afectadas son aquellas para las cuales el atacante tiene privilegio SELECT y para las cuales, en una consulta ordinaria, la seguridad a nivel de fila elimina el conjunto de filas visibles para el atacante.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.1,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.5.0\",\"versionEndExcluding\":\"9.5.17\",\"matchCriteriaId\":\"CF3CD018-B236-4A51-949A-C3DD43ACFFD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.6.0\",\"versionEndExcluding\":\"9.6.13\",\"matchCriteriaId\":\"E6604DFE-F731-4D9D-A4C6-526915CF8D8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0\",\"versionEndExcluding\":\"10.8\",\"matchCriteriaId\":\"6E17C23A-8BF7-4799-8EEE-0A851FC9EC13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndExcluding\":\"11.3\",\"matchCriteriaId\":\"588922E6-6F1E-4219-ADB3-F9E8696E03F8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-03\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.postgresql.org/about/news/1939/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.postgresql.org/about/news/1939/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2025-AVI-0947
Vulnerability from certfr_avis - Published: 2025-10-31 - Updated: 2025-10-31
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct | Sterling Connect:Direct versions 6.2.x antérieures à 6.2.0.9.iFix005 pour Unix | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct versions 6.4.x antérieures à 6.4.0.2.iFix004 pour Unix | ||
| IBM | QRadar | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP14 | ||
| IBM | QRadar Hub | Qradar Hub versions antérieures à 3.9.0 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct versions 6.3.x antérieures à 6.3.0.5.iFix008 pour Unix | ||
| IBM | QRadar | QRadar Incident Forensics versions 7.5.x antérieures à 7.5.0 UP14 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Direct versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.9.iFix005 pour Unix",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.2.iFix004 pour Unix",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP14",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Qradar Hub versions ant\u00e9rieures \u00e0 3.9.0",
"product": {
"name": "QRadar Hub",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.5.iFix008 pour Unix",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Incident Forensics versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP14",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2025-54389",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54389"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2022-26336",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26336"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-38464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38464"
},
{
"name": "CVE-2025-38211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38211"
},
{
"name": "CVE-2023-45145",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45145"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2025-38332",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38332"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-36007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36007"
},
{
"name": "CVE-2012-0868",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0868"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2024-21096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21096"
},
{
"name": "CVE-2019-10130",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10130"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-36137",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36137"
},
{
"name": "CVE-2025-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40909"
},
{
"name": "CVE-2025-38477",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38477"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-8058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
},
{
"name": "CVE-2017-7484",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7484"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
}
],
"initial_release_date": "2025-10-31T00:00:00",
"last_revision_date": "2025-10-31T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0947",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-10-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249678",
"url": "https://www.ibm.com/support/pages/node/7249678"
},
{
"published_at": "2025-10-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249277",
"url": "https://www.ibm.com/support/pages/node/7249277"
},
{
"published_at": "2025-10-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249661",
"url": "https://www.ibm.com/support/pages/node/7249661"
},
{
"published_at": "2025-10-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249276",
"url": "https://www.ibm.com/support/pages/node/7249276"
}
]
}
CERTFR-2025-AVI-0947
Vulnerability from certfr_avis - Published: 2025-10-31 - Updated: 2025-10-31
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct | Sterling Connect:Direct versions 6.2.x antérieures à 6.2.0.9.iFix005 pour Unix | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct versions 6.4.x antérieures à 6.4.0.2.iFix004 pour Unix | ||
| IBM | QRadar | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP14 | ||
| IBM | QRadar Hub | Qradar Hub versions antérieures à 3.9.0 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct versions 6.3.x antérieures à 6.3.0.5.iFix008 pour Unix | ||
| IBM | QRadar | QRadar Incident Forensics versions 7.5.x antérieures à 7.5.0 UP14 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Direct versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.9.iFix005 pour Unix",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.2.iFix004 pour Unix",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP14",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Qradar Hub versions ant\u00e9rieures \u00e0 3.9.0",
"product": {
"name": "QRadar Hub",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.5.iFix008 pour Unix",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Incident Forensics versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP14",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2025-54389",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54389"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2022-26336",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26336"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-38464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38464"
},
{
"name": "CVE-2025-38211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38211"
},
{
"name": "CVE-2023-45145",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45145"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2025-38332",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38332"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-36007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36007"
},
{
"name": "CVE-2012-0868",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0868"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2024-21096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21096"
},
{
"name": "CVE-2019-10130",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10130"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-36137",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36137"
},
{
"name": "CVE-2025-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40909"
},
{
"name": "CVE-2025-38477",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38477"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-8058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
},
{
"name": "CVE-2017-7484",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7484"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
}
],
"initial_release_date": "2025-10-31T00:00:00",
"last_revision_date": "2025-10-31T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0947",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-10-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249678",
"url": "https://www.ibm.com/support/pages/node/7249678"
},
{
"published_at": "2025-10-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249277",
"url": "https://www.ibm.com/support/pages/node/7249277"
},
{
"published_at": "2025-10-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249661",
"url": "https://www.ibm.com/support/pages/node/7249661"
},
{
"published_at": "2025-10-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249276",
"url": "https://www.ibm.com/support/pages/node/7249276"
}
]
}
BDU:2019-04641
Vulnerability from fstec - Published: 30.07.2019
VLAI Severity ?
Title
Уязвимость системы управления базами данных PostgreSQL, связанная с некорректным контролем доступа, позволяющая нарушителю получить доступ к конфиденциальным данным
Description
Уязвимость системы управления базами данных PostgreSQL связана с ошибкой политики безопасности, в которой значения столбцов, которые имеют привилегию SELECT, могут быть прочитаны. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить доступ к конфиденциальным данным
Severity ?
Vendor
Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Novell Inc., PostgreSQL Global Development Group, Postgres Professional
Software Name
Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), OpenSUSE Leap, PostgreSQL, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), Postgres Pro Certified (запись в едином реестре российских программ №104)
Software Version
9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 15.0 (OpenSUSE Leap), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), от 11.0 до 11.3 (PostgreSQL), от 10.0 до 10.8 (PostgreSQL), от 9.5.0 до 9.5.17 (PostgreSQL), от 9.6.0 до 9.6.13 (PostgreSQL), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), до 11.11.1 (Postgres Pro Certified)
Possible Mitigations
Использование рекомендаций:
Для PostgreSQL 11:
Обновление программного обеспечения до 11.5-1 или более поздней версии
Для PostgreSQL 9.4:
Обновление программного обеспечения до 9.4.24-0+deb8u1 или более поздней версии
Для PostgreSQL 9.6:
Обновление программного обеспечения до 9.6.15-0+deb9u1 или более поздней версии
Для Postgres Pro Certified:
https://postgrespro.ru/products/postgrespro/certified
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2019-10130/
Для Debian:
https://security-tracker.debian.org/tracker/CVE-2019-10130
Для Astra Linux:
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81
Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-10130
https://security-tracker.debian.org/tracker/CVE-2019-10130
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20201207SE16MD
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16
https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186
https://www.postgresql.org/about/news/1939/
https://www.suse.com/security/cve/CVE-2019-10130/
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81
https://postgrespro.ru/products/postgrespro/certified
CWE
CWE-284
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., PostgreSQL Global Development Group, Postgres Professional",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 15.0 (OpenSUSE Leap), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), \u043e\u0442 11.0 \u0434\u043e 11.3 (PostgreSQL), \u043e\u0442 10.0 \u0434\u043e 10.8 (PostgreSQL), \u043e\u0442 9.5.0 \u0434\u043e 9.5.17 (PostgreSQL), \u043e\u0442 9.6.0 \u0434\u043e 9.6.13 (PostgreSQL), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), \u0434\u043e 11.11.1 (Postgres Pro Certified)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f PostgreSQL 11:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 11.5-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f PostgreSQL 9.4:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 9.4.24-0+deb8u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f PostgreSQL 9.6:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 9.6.15-0+deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Postgres Pro Certified:\nhttps://postgrespro.ru/products/postgrespro/certified\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2019-10130/\n\n\u0414\u043b\u044f Debian:\nhttps://security-tracker.debian.org/tracker/CVE-2019-10130\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "30.07.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "11.08.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.12.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-04641",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-10130",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), OpenSUSE Leap, PostgreSQL, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Postgres Pro Certified (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116104)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. OpenSUSE Leap 15.0 32-bit, Novell Inc. OpenSUSE Leap 15.0 , Novell Inc. OpenSUSE Leap 15.1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 PostgreSQL, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u043c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0435\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (CWE-284)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 PostgreSQL \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u043e\u0439 \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u0441\u0442\u043e\u043b\u0431\u0446\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u043c\u0435\u044e\u0442 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044e SELECT, \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u043d\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2019-10130\nhttps://security-tracker.debian.org/tracker/CVE-2019-10130\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20201207SE16MD\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186\nhttps://www.postgresql.org/about/news/1939/\nhttps://www.suse.com/security/cve/CVE-2019-10130/\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\nhttps://postgrespro.ru/products/postgrespro/certified",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0423\u0411\u0414, \u041f\u041e \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0418\u0418",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-284",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}
cleanstart-2026-fw42039
Vulnerability from cleanstart
Published
2026-01-30 17:19
Modified
2026-01-29 18:58
Summary
vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT
Details
Multiple security vulnerabilities affect the postgresql package. A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "postgresql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.6.4-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the postgresql package. A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-FW42039",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T17:19:56.954092Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-FW42039"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-15098"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-15099"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7484"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7485"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7486"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7546"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7547"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7548"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1052"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1058"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16850"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10129"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10130"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10208"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10209"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14349"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14350"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-25694"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-25695"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-25696"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-20229"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-23214"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32027"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32028"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32029"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-3393"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-3677"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-2625"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-41862"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-2454"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-2455"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-39418"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-5870"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-7348"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-51476"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-51477"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15098"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15099"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7484"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7485"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7486"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7546"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7547"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7548"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1052"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1058"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16850"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10129"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10130"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10208"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10209"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14349"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14350"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25694"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25695"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25696"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20229"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23214"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32027"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32028"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32029"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3393"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3677"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2625"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41862"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2454"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2455"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39418"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5870"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7348"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-51476"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-51477"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT",
"upstream": [
"CVE-2017-15098",
"CVE-2017-15099",
"CVE-2017-7484",
"CVE-2017-7485",
"CVE-2017-7486",
"CVE-2017-7546",
"CVE-2017-7547",
"CVE-2017-7548",
"CVE-2018-1052",
"CVE-2018-1058",
"CVE-2018-16850",
"CVE-2019-10129",
"CVE-2019-10130",
"CVE-2019-10208",
"CVE-2019-10209",
"CVE-2020-14349",
"CVE-2020-14350",
"CVE-2020-25694",
"CVE-2020-25695",
"CVE-2020-25696",
"CVE-2021-20229",
"CVE-2021-23214",
"CVE-2021-32027",
"CVE-2021-32028",
"CVE-2021-32029",
"CVE-2021-3393",
"CVE-2021-3677",
"CVE-2022-2625",
"CVE-2022-41862",
"CVE-2023-2454",
"CVE-2023-2455",
"CVE-2023-39418",
"CVE-2023-5870",
"CVE-2024-7348",
"CVE-2025-51476",
"CVE-2025-51477"
]
}
cleanstart-2026-hj04971
Vulnerability from cleanstart
Published
2026-01-30 17:21
Modified
2026-01-29 18:58
Summary
vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT
Details
Multiple security vulnerabilities affect the postgresql package. A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "postgresql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.6.4-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the postgresql package. A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-HJ04971",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T17:21:56.808972Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-HJ04971"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-15098"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-15099"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7484"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7485"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7486"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7546"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7547"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7548"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1052"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1058"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16850"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10129"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10130"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10208"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10209"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14349"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14350"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-25694"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-25695"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-25696"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-20229"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-23214"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32027"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32028"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32029"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-3393"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-3677"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-2625"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-41862"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-2454"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-2455"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-39418"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-5870"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-7348"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15098"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15099"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7484"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7485"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7486"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7546"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7547"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7548"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1052"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1058"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16850"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10129"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10130"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10208"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10209"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14349"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14350"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25694"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25695"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25696"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20229"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23214"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32027"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32028"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32029"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3393"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3677"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2625"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41862"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2454"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2455"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39418"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5870"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7348"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT",
"upstream": [
"CVE-2017-15098",
"CVE-2017-15099",
"CVE-2017-7484",
"CVE-2017-7485",
"CVE-2017-7486",
"CVE-2017-7546",
"CVE-2017-7547",
"CVE-2017-7548",
"CVE-2018-1052",
"CVE-2018-1058",
"CVE-2018-16850",
"CVE-2019-10129",
"CVE-2019-10130",
"CVE-2019-10208",
"CVE-2019-10209",
"CVE-2020-14349",
"CVE-2020-14350",
"CVE-2020-25694",
"CVE-2020-25695",
"CVE-2020-25696",
"CVE-2021-20229",
"CVE-2021-23214",
"CVE-2021-32027",
"CVE-2021-32028",
"CVE-2021-32029",
"CVE-2021-3393",
"CVE-2021-3677",
"CVE-2022-2625",
"CVE-2022-41862",
"CVE-2023-2454",
"CVE-2023-2455",
"CVE-2023-39418",
"CVE-2023-5870",
"CVE-2024-7348"
]
}
CNVD-2019-14248
Vulnerability from cnvd - Published: 2019-05-14
VLAI Severity ?
Title
PostgreSQL未经授权访问漏洞
Description
PostgreSQL是PostgreSQL组织的一套自由的对象关系型数据库管理系统。
PostgreSQL 9.6版本中存在安全漏洞。攻击者可利用该漏洞绕过安全策略。
Severity
中
Patch Name
PostgreSQL未经授权访问漏洞的补丁
Patch Description
PostgreSQL是PostgreSQL组织的一套自由的对象关系型数据库管理系统。
PostgreSQL 9.6版本中存在安全漏洞。攻击者可利用该漏洞绕过安全策略。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://www.postgresql.org/about/news/1939/
Reference
https://www.debian.org/security/2019/dsa-4439
Impacted products
| Name | PostgreSQL Postgresql 9.6 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-10130"
}
},
"description": "PostgreSQL\u662fPostgreSQL\u7ec4\u7ec7\u7684\u4e00\u5957\u81ea\u7531\u7684\u5bf9\u8c61\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002\n\nPostgreSQL 9.6\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u7b56\u7565\u3002",
"discovererName": "unknwon",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.postgresql.org/about/news/1939/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-14248",
"openTime": "2019-05-14",
"patchDescription": "PostgreSQL\u662fPostgreSQL\u7ec4\u7ec7\u7684\u4e00\u5957\u81ea\u7531\u7684\u5bf9\u8c61\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nPostgreSQL 9.6\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u7b56\u7565\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "PostgreSQL\u672a\u7ecf\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "PostgreSQL Postgresql 9.6"
},
"referenceLink": "https://www.debian.org/security/2019/dsa-4439",
"serverity": "\u4e2d",
"submitTime": "2019-05-14",
"title": "PostgreSQL\u672a\u7ecf\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e"
}
FKIE_CVE-2019-10130
Vulnerability from fkie_nvd - Published: 2019-07-30 17:15 - Updated: 2024-11-21 04:18
Severity ?
Summary
A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202003-03 | Third Party Advisory | |
| secalert@redhat.com | https://www.postgresql.org/about/news/1939/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202003-03 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.postgresql.org/about/news/1939/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postgresql | postgresql | * | |
| postgresql | postgresql | * | |
| postgresql | postgresql | * | |
| postgresql | postgresql | * | |
| opensuse | leap | 15.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF3CD018-B236-4A51-949A-C3DD43ACFFD6",
"versionEndExcluding": "9.5.17",
"versionStartIncluding": "9.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6604DFE-F731-4D9D-A4C6-526915CF8D8D",
"versionEndExcluding": "9.6.13",
"versionStartIncluding": "9.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E17C23A-8BF7-4799-8EEE-0A851FC9EC13",
"versionEndExcluding": "10.8",
"versionStartIncluding": "10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "588922E6-6F1E-4219-ADB3-F9E8696E03F8",
"versionEndExcluding": "11.3",
"versionStartIncluding": "11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad en PostgreSQL versiones 11.x hasta 11.3 excluy\u00e9ndola, versiones 10.x hasta 10.8 excluy\u00e9ndola, versiones 9.6.x hasta 9.6.13 excluy\u00e9ndola, versiones 9.5.x hasta 9.5.17 excluy\u00e9ndola. PostgreSQL mantiene estad\u00edsticas de columna para tablas. Ciertas estad\u00edsticas, como los histogramas y las listas de valores m\u00e1s comunes, contienen valores tomados de la columna. PostgreSQL no eval\u00faa las pol\u00edticas de seguridad de fila antes de consultar esas estad\u00edsticas durante la planificaci\u00f3n de la consulta; un atacante puede explotar esto para leer los valores m\u00e1s comunes de ciertas columnas. Las columnas afectadas son aquellas para las cuales el atacante tiene privilegio SELECT y para las cuales, en una consulta ordinaria, la seguridad a nivel de fila elimina el conjunto de filas visibles para el atacante."
}
],
"id": "CVE-2019-10130",
"lastModified": "2024-11-21T04:18:28.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-30T17:15:12.327",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-03"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.postgresql.org/about/news/1939/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.postgresql.org/about/news/1939/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-5RXR-V694-CXFJ
Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2024-04-04 01:24
VLAI?
Details
A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.
Severity ?
4.3 (Medium)
{
"affected": [],
"aliases": [
"CVE-2019-10130"
],
"database_specific": {
"cwe_ids": [
"CWE-284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-30T17:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.",
"id": "GHSA-5rxr-v694-cxfj",
"modified": "2024-04-04T01:24:53Z",
"published": "2022-05-24T16:51:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10130"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202003-03"
},
{
"type": "WEB",
"url": "https://www.postgresql.org/about/news/1939"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2019-10130
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-10130",
"description": "A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.",
"id": "GSD-2019-10130",
"references": [
"https://www.suse.com/security/cve/CVE-2019-10130.html",
"https://www.debian.org/security/2019/dsa-4439",
"https://access.redhat.com/errata/RHSA-2021:0167",
"https://access.redhat.com/errata/RHSA-2021:0166",
"https://access.redhat.com/errata/RHSA-2021:0164",
"https://access.redhat.com/errata/RHSA-2020:5664",
"https://access.redhat.com/errata/RHSA-2020:5661",
"https://access.redhat.com/errata/RHSA-2020:5619",
"https://access.redhat.com/errata/RHSA-2020:4295",
"https://access.redhat.com/errata/RHSA-2020:3669",
"https://access.redhat.com/errata/RHSA-2020:0980",
"https://ubuntu.com/security/CVE-2019-10130",
"https://advisories.mageia.org/CVE-2019-10130.html",
"https://alas.aws.amazon.com/cve/html/CVE-2019-10130.html",
"https://linux.oracle.com/cve/CVE-2019-10130.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-10130"
],
"details": "A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.",
"id": "GSD-2019-10130",
"modified": "2023-12-13T01:23:59.940590Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "postgresql",
"version": {
"version_data": [
{
"version_value": "11.x up to, excluding 11.3"
},
{
"version_value": "10.x up to, excluding 10.8"
},
{
"version_value": "9.6.x up to, excluding 9.6.13"
},
{
"version_value": "9.5.x up to, excluding 9.5.17"
}
]
}
}
]
},
"vendor_name": "PostgreSQL Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.postgresql.org/about/news/1939/",
"refsource": "MISC",
"url": "https://www.postgresql.org/about/news/1939/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130"
},
{
"name": "GLSA-202003-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-03"
},
{
"name": "openSUSE-SU-2020:1227",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.5.17",
"versionStartIncluding": "9.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.6.13",
"versionStartIncluding": "9.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.8",
"versionStartIncluding": "10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.3",
"versionStartIncluding": "11.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10130"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.postgresql.org/about/news/1939/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.postgresql.org/about/news/1939/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130"
},
{
"name": "GLSA-202003-03",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-03"
},
{
"name": "openSUSE-SU-2020:1227",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
},
"lastModifiedDate": "2020-09-30T14:08Z",
"publishedDate": "2019-07-30T17:15Z"
}
}
}
OPENSUSE-SU-2019:1773-1
Vulnerability from csaf_opensuse - Published: 2019-07-21 05:38 - Updated: 2019-07-21 05:38Summary
Security update for postgresql10
Severity
Moderate
Notes
Title of the patch: Security update for postgresql10
Description of the patch: This update for postgresql10 fixes the following issues:
Security issue fixed:
- CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034).
- CVE-2019-10130: Prevent row-level security policies from being bypassed via selectivity estimators (bsc#1134689).
Bug fixes:
- For a complete list of fixes check the release notes.
* https://www.postgresql.org/docs/10/release-10-9.html
* https://www.postgresql.org/docs/10/release-10-8.html
* https://www.postgresql.org/docs/10/release-10-7.html
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-1773
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libecpg6-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libecpg6-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libecpg6-32bit-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpq5-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpq5-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpq5-32bit-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-contrib-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-contrib-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-devel-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-devel-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-docs-10.9-lp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-plperl-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-plperl-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-plpython-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-plpython-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-pltcl-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-pltcl-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-server-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-server-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-test-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-test-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libecpg6-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libecpg6-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libecpg6-32bit-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpq5-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpq5-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpq5-32bit-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-contrib-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-contrib-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-devel-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-devel-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-docs-10.9-lp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-plperl-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-plperl-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-plpython-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-plpython-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-pltcl-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-pltcl-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-server-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-server-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-test-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-test-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libecpg6-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libecpg6-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libecpg6-32bit-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpq5-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpq5-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpq5-32bit-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-contrib-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-contrib-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-devel-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-devel-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-docs-10.9-lp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-plperl-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-plperl-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-plpython-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-plpython-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-pltcl-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-pltcl-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-server-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-server-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-test-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:postgresql10-test-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libecpg6-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libecpg6-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libecpg6-32bit-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpq5-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpq5-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpq5-32bit-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-contrib-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-contrib-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-devel-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-devel-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-docs-10.9-lp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-plperl-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-plperl-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-plpython-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-plpython-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-pltcl-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-pltcl-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-server-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-server-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-test-10.9-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:postgresql10-test-10.9-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
12 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1134689 | self |
| https://bugzilla.suse.com/1138034 | self |
| https://www.suse.com/security/cve/CVE-2019-10130/ | self |
| https://www.suse.com/security/cve/CVE-2019-10164/ | self |
| https://www.suse.com/security/cve/CVE-2019-10130 | external |
| https://bugzilla.suse.com/1134689 | external |
| https://www.suse.com/security/cve/CVE-2019-10164 | external |
| https://bugzilla.suse.com/1138034 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for postgresql10",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for postgresql10 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034).\n- CVE-2019-10130: Prevent row-level security policies from being bypassed via selectivity estimators (bsc#1134689).\n\nBug fixes:\n\n- For a complete list of fixes check the release notes.\n \n * https://www.postgresql.org/docs/10/release-10-9.html\n * https://www.postgresql.org/docs/10/release-10-8.html\n * https://www.postgresql.org/docs/10/release-10-7.html\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1773",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1773-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1773-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J5LKOBMANBHF23QUQKNUNKNKKHOTXVZJ/#J5LKOBMANBHF23QUQKNUNKNKKHOTXVZJ"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1773-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J5LKOBMANBHF23QUQKNUNKNKKHOTXVZJ/#J5LKOBMANBHF23QUQKNUNKNKKHOTXVZJ"
},
{
"category": "self",
"summary": "SUSE Bug 1134689",
"url": "https://bugzilla.suse.com/1134689"
},
{
"category": "self",
"summary": "SUSE Bug 1138034",
"url": "https://bugzilla.suse.com/1138034"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10130 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10164 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10164/"
}
],
"title": "Security update for postgresql10",
"tracking": {
"current_release_date": "2019-07-21T05:38:18Z",
"generator": {
"date": "2019-07-21T05:38:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1773-1",
"initial_release_date": "2019-07-21T05:38:18Z",
"revision_history": [
{
"date": "2019-07-21T05:38:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libecpg6-10.9-lp151.2.3.1.i586",
"product": {
"name": "libecpg6-10.9-lp151.2.3.1.i586",
"product_id": "libecpg6-10.9-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "libpq5-10.9-lp151.2.3.1.i586",
"product": {
"name": "libpq5-10.9-lp151.2.3.1.i586",
"product_id": "libpq5-10.9-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "postgresql10-10.9-lp151.2.3.1.i586",
"product": {
"name": "postgresql10-10.9-lp151.2.3.1.i586",
"product_id": "postgresql10-10.9-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "postgresql10-contrib-10.9-lp151.2.3.1.i586",
"product": {
"name": "postgresql10-contrib-10.9-lp151.2.3.1.i586",
"product_id": "postgresql10-contrib-10.9-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "postgresql10-devel-10.9-lp151.2.3.1.i586",
"product": {
"name": "postgresql10-devel-10.9-lp151.2.3.1.i586",
"product_id": "postgresql10-devel-10.9-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "postgresql10-plperl-10.9-lp151.2.3.1.i586",
"product": {
"name": "postgresql10-plperl-10.9-lp151.2.3.1.i586",
"product_id": "postgresql10-plperl-10.9-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "postgresql10-plpython-10.9-lp151.2.3.1.i586",
"product": {
"name": "postgresql10-plpython-10.9-lp151.2.3.1.i586",
"product_id": "postgresql10-plpython-10.9-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "postgresql10-pltcl-10.9-lp151.2.3.1.i586",
"product": {
"name": "postgresql10-pltcl-10.9-lp151.2.3.1.i586",
"product_id": "postgresql10-pltcl-10.9-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "postgresql10-server-10.9-lp151.2.3.1.i586",
"product": {
"name": "postgresql10-server-10.9-lp151.2.3.1.i586",
"product_id": "postgresql10-server-10.9-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "postgresql10-test-10.9-lp151.2.3.1.i586",
"product": {
"name": "postgresql10-test-10.9-lp151.2.3.1.i586",
"product_id": "postgresql10-test-10.9-lp151.2.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "postgresql10-docs-10.9-lp151.2.3.1.noarch",
"product": {
"name": "postgresql10-docs-10.9-lp151.2.3.1.noarch",
"product_id": "postgresql10-docs-10.9-lp151.2.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libecpg6-10.9-lp151.2.3.1.x86_64",
"product": {
"name": "libecpg6-10.9-lp151.2.3.1.x86_64",
"product_id": "libecpg6-10.9-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libecpg6-32bit-10.9-lp151.2.3.1.x86_64",
"product": {
"name": "libecpg6-32bit-10.9-lp151.2.3.1.x86_64",
"product_id": "libecpg6-32bit-10.9-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpq5-10.9-lp151.2.3.1.x86_64",
"product": {
"name": "libpq5-10.9-lp151.2.3.1.x86_64",
"product_id": "libpq5-10.9-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpq5-32bit-10.9-lp151.2.3.1.x86_64",
"product": {
"name": "libpq5-32bit-10.9-lp151.2.3.1.x86_64",
"product_id": "libpq5-32bit-10.9-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql10-10.9-lp151.2.3.1.x86_64",
"product": {
"name": "postgresql10-10.9-lp151.2.3.1.x86_64",
"product_id": "postgresql10-10.9-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql10-contrib-10.9-lp151.2.3.1.x86_64",
"product": {
"name": "postgresql10-contrib-10.9-lp151.2.3.1.x86_64",
"product_id": "postgresql10-contrib-10.9-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql10-devel-10.9-lp151.2.3.1.x86_64",
"product": {
"name": "postgresql10-devel-10.9-lp151.2.3.1.x86_64",
"product_id": "postgresql10-devel-10.9-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql10-plperl-10.9-lp151.2.3.1.x86_64",
"product": {
"name": "postgresql10-plperl-10.9-lp151.2.3.1.x86_64",
"product_id": "postgresql10-plperl-10.9-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql10-plpython-10.9-lp151.2.3.1.x86_64",
"product": {
"name": "postgresql10-plpython-10.9-lp151.2.3.1.x86_64",
"product_id": "postgresql10-plpython-10.9-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql10-pltcl-10.9-lp151.2.3.1.x86_64",
"product": {
"name": "postgresql10-pltcl-10.9-lp151.2.3.1.x86_64",
"product_id": "postgresql10-pltcl-10.9-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql10-server-10.9-lp151.2.3.1.x86_64",
"product": {
"name": "postgresql10-server-10.9-lp151.2.3.1.x86_64",
"product_id": "postgresql10-server-10.9-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql10-test-10.9-lp151.2.3.1.x86_64",
"product": {
"name": "postgresql10-test-10.9-lp151.2.3.1.x86_64",
"product_id": "postgresql10-test-10.9-lp151.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libecpg6-10.9-lp151.2.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libecpg6-10.9-lp151.2.3.1.i586"
},
"product_reference": "libecpg6-10.9-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecpg6-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libecpg6-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "libecpg6-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecpg6-32bit-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libecpg6-32bit-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "libecpg6-32bit-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpq5-10.9-lp151.2.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libpq5-10.9-lp151.2.3.1.i586"
},
"product_reference": "libpq5-10.9-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpq5-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libpq5-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "libpq5-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpq5-32bit-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libpq5-32bit-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "libpq5-32bit-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-10.9-lp151.2.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:postgresql10-10.9-lp151.2.3.1.i586"
},
"product_reference": "postgresql10-10.9-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:postgresql10-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "postgresql10-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-contrib-10.9-lp151.2.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:postgresql10-contrib-10.9-lp151.2.3.1.i586"
},
"product_reference": "postgresql10-contrib-10.9-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-contrib-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:postgresql10-contrib-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "postgresql10-contrib-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-devel-10.9-lp151.2.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:postgresql10-devel-10.9-lp151.2.3.1.i586"
},
"product_reference": "postgresql10-devel-10.9-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-devel-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:postgresql10-devel-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "postgresql10-devel-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-docs-10.9-lp151.2.3.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:postgresql10-docs-10.9-lp151.2.3.1.noarch"
},
"product_reference": "postgresql10-docs-10.9-lp151.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-plperl-10.9-lp151.2.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:postgresql10-plperl-10.9-lp151.2.3.1.i586"
},
"product_reference": "postgresql10-plperl-10.9-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-plperl-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:postgresql10-plperl-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "postgresql10-plperl-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-plpython-10.9-lp151.2.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:postgresql10-plpython-10.9-lp151.2.3.1.i586"
},
"product_reference": "postgresql10-plpython-10.9-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-plpython-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:postgresql10-plpython-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "postgresql10-plpython-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-pltcl-10.9-lp151.2.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:postgresql10-pltcl-10.9-lp151.2.3.1.i586"
},
"product_reference": "postgresql10-pltcl-10.9-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-pltcl-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:postgresql10-pltcl-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "postgresql10-pltcl-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-server-10.9-lp151.2.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:postgresql10-server-10.9-lp151.2.3.1.i586"
},
"product_reference": "postgresql10-server-10.9-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-server-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:postgresql10-server-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "postgresql10-server-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-test-10.9-lp151.2.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:postgresql10-test-10.9-lp151.2.3.1.i586"
},
"product_reference": "postgresql10-test-10.9-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-test-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:postgresql10-test-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "postgresql10-test-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecpg6-10.9-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libecpg6-10.9-lp151.2.3.1.i586"
},
"product_reference": "libecpg6-10.9-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecpg6-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libecpg6-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "libecpg6-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecpg6-32bit-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libecpg6-32bit-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "libecpg6-32bit-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpq5-10.9-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libpq5-10.9-lp151.2.3.1.i586"
},
"product_reference": "libpq5-10.9-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpq5-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libpq5-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "libpq5-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpq5-32bit-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libpq5-32bit-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "libpq5-32bit-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-10.9-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:postgresql10-10.9-lp151.2.3.1.i586"
},
"product_reference": "postgresql10-10.9-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:postgresql10-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "postgresql10-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-contrib-10.9-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:postgresql10-contrib-10.9-lp151.2.3.1.i586"
},
"product_reference": "postgresql10-contrib-10.9-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-contrib-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:postgresql10-contrib-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "postgresql10-contrib-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-devel-10.9-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:postgresql10-devel-10.9-lp151.2.3.1.i586"
},
"product_reference": "postgresql10-devel-10.9-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-devel-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:postgresql10-devel-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "postgresql10-devel-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-docs-10.9-lp151.2.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:postgresql10-docs-10.9-lp151.2.3.1.noarch"
},
"product_reference": "postgresql10-docs-10.9-lp151.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-plperl-10.9-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:postgresql10-plperl-10.9-lp151.2.3.1.i586"
},
"product_reference": "postgresql10-plperl-10.9-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-plperl-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:postgresql10-plperl-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "postgresql10-plperl-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-plpython-10.9-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:postgresql10-plpython-10.9-lp151.2.3.1.i586"
},
"product_reference": "postgresql10-plpython-10.9-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-plpython-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:postgresql10-plpython-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "postgresql10-plpython-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-pltcl-10.9-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:postgresql10-pltcl-10.9-lp151.2.3.1.i586"
},
"product_reference": "postgresql10-pltcl-10.9-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-pltcl-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:postgresql10-pltcl-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "postgresql10-pltcl-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-server-10.9-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:postgresql10-server-10.9-lp151.2.3.1.i586"
},
"product_reference": "postgresql10-server-10.9-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-server-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:postgresql10-server-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "postgresql10-server-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-test-10.9-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:postgresql10-test-10.9-lp151.2.3.1.i586"
},
"product_reference": "postgresql10-test-10.9-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql10-test-10.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:postgresql10-test-10.9-lp151.2.3.1.x86_64"
},
"product_reference": "postgresql10-test-10.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10130"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libecpg6-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:libecpg6-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:libecpg6-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:libpq5-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:libpq5-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:libpq5-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-contrib-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-contrib-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-devel-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-devel-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-docs-10.9-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:postgresql10-plperl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-plperl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-plpython-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-plpython-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-pltcl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-pltcl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-server-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-server-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-test-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-test-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libecpg6-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libecpg6-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libecpg6-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libpq5-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libpq5-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libpq5-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-contrib-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-contrib-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-devel-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-devel-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-docs-10.9-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:postgresql10-plperl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-plperl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-plpython-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-plpython-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-pltcl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-pltcl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-server-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-server-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-test-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-test-10.9-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10130",
"url": "https://www.suse.com/security/cve/CVE-2019-10130"
},
{
"category": "external",
"summary": "SUSE Bug 1134689 for CVE-2019-10130",
"url": "https://bugzilla.suse.com/1134689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libecpg6-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:libecpg6-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:libecpg6-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:libpq5-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:libpq5-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:libpq5-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-contrib-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-contrib-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-devel-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-devel-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-docs-10.9-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:postgresql10-plperl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-plperl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-plpython-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-plpython-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-pltcl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-pltcl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-server-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-server-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-test-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-test-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libecpg6-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libecpg6-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libecpg6-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libpq5-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libpq5-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libpq5-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-contrib-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-contrib-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-devel-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-devel-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-docs-10.9-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:postgresql10-plperl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-plperl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-plpython-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-plpython-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-pltcl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-pltcl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-server-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-server-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-test-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-test-10.9-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libecpg6-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:libecpg6-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:libecpg6-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:libpq5-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:libpq5-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:libpq5-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-contrib-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-contrib-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-devel-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-devel-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-docs-10.9-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:postgresql10-plperl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-plperl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-plpython-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-plpython-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-pltcl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-pltcl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-server-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-server-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-test-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-test-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libecpg6-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libecpg6-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libecpg6-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libpq5-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libpq5-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libpq5-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-contrib-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-contrib-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-devel-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-devel-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-docs-10.9-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:postgresql10-plperl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-plperl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-plpython-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-plpython-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-pltcl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-pltcl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-server-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-server-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-test-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-test-10.9-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:38:18Z",
"details": "moderate"
}
],
"title": "CVE-2019-10130"
},
{
"cve": "CVE-2019-10164",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10164"
}
],
"notes": [
{
"category": "general",
"text": "PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user\u0027s own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libecpg6-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:libecpg6-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:libecpg6-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:libpq5-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:libpq5-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:libpq5-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-contrib-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-contrib-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-devel-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-devel-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-docs-10.9-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:postgresql10-plperl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-plperl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-plpython-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-plpython-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-pltcl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-pltcl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-server-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-server-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-test-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-test-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libecpg6-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libecpg6-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libecpg6-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libpq5-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libpq5-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libpq5-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-contrib-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-contrib-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-devel-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-devel-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-docs-10.9-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:postgresql10-plperl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-plperl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-plpython-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-plpython-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-pltcl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-pltcl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-server-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-server-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-test-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-test-10.9-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10164",
"url": "https://www.suse.com/security/cve/CVE-2019-10164"
},
{
"category": "external",
"summary": "SUSE Bug 1138034 for CVE-2019-10164",
"url": "https://bugzilla.suse.com/1138034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libecpg6-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:libecpg6-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:libecpg6-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:libpq5-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:libpq5-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:libpq5-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-contrib-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-contrib-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-devel-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-devel-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-docs-10.9-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:postgresql10-plperl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-plperl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-plpython-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-plpython-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-pltcl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-pltcl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-server-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-server-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-test-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-test-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libecpg6-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libecpg6-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libecpg6-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libpq5-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libpq5-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libpq5-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-contrib-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-contrib-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-devel-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-devel-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-docs-10.9-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:postgresql10-plperl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-plperl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-plpython-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-plpython-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-pltcl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-pltcl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-server-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-server-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-test-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-test-10.9-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libecpg6-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:libecpg6-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:libecpg6-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:libpq5-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:libpq5-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:libpq5-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-contrib-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-contrib-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-devel-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-devel-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-docs-10.9-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:postgresql10-plperl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-plperl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-plpython-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-plpython-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-pltcl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-pltcl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-server-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-server-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:postgresql10-test-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.0:postgresql10-test-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libecpg6-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libecpg6-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libecpg6-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libpq5-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:libpq5-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:libpq5-32bit-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-contrib-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-contrib-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-devel-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-devel-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-docs-10.9-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:postgresql10-plperl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-plperl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-plpython-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-plpython-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-pltcl-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-pltcl-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-server-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-server-10.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:postgresql10-test-10.9-lp151.2.3.1.i586",
"openSUSE Leap 15.1:postgresql10-test-10.9-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-21T05:38:18Z",
"details": "important"
}
],
"title": "CVE-2019-10164"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…