CVE-2017-8806 (GCVE-0-2017-8806)
Vulnerability from cvelistv5
Published
2017-11-13 09:00
Modified
2024-08-05 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- handled symbolic links insecurely
Summary
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | PostgreSQL-related scripts that are specific to Debian and Ubuntu | PostgreSQL-related scripts that are specific to Debian and Ubuntu |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:21.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog"
},
{
"name": "101810",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101810"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-3476-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4029"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PostgreSQL-related scripts that are specific to Debian and Ubuntu",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PostgreSQL-related scripts that are specific to Debian and Ubuntu"
}
]
}
],
"datePublic": "2017-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "handled symbolic links insecurely",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-16T10:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog"
},
{
"name": "101810",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101810"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://usn.ubuntu.com/usn/usn-3476-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.debian.org/security/2017/dsa-4029"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2017-8806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PostgreSQL-related scripts that are specific to Debian and Ubuntu",
"version": {
"version_data": [
{
"version_value": "PostgreSQL-related scripts that are specific to Debian and Ubuntu"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "handled symbolic links insecurely"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog",
"refsource": "CONFIRM",
"url": "http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog"
},
{
"name": "101810",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101810"
},
{
"name": "https://usn.ubuntu.com/usn/usn-3476-1/",
"refsource": "CONFIRM",
"url": "https://usn.ubuntu.com/usn/usn-3476-1/"
},
{
"name": "https://www.debian.org/security/2017/dsa-4029",
"refsource": "CONFIRM",
"url": "https://www.debian.org/security/2017/dsa-4029"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2017-8806",
"datePublished": "2017-11-13T09:00:00",
"dateReserved": "2017-05-07T00:00:00",
"dateUpdated": "2024-08-05T16:48:21.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2017-8806\",\"sourceIdentifier\":\"security@debian.org\",\"published\":\"2017-11-13T09:29:00.403\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.\"},{\"lang\":\"es\",\"value\":\"Los scripts de Debian pg_ctlcluster, pg_createcluster y pg_upgradecluster, tal y como se distribuyen en el paquete de Debian postgresql-common anterior a 181+deb9u1 para PostgreSQL (y otros paquetes relacionados con Debian y Ubuntu), manipularon v\u00ednculos simb\u00f3licos de forma no segura, lo que podr\u00eda desembocar en una denegaci\u00f3n de servicio local sobrescribiendo archivos 
arbitrarios.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:P/A:P\",\"baseScore\":3.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECC070DF-4131-43BA-B975-907023E0D39F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"588D4F37-0A56-47A4-B710-4D5F3D214
FB9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9070C9D8-A14A-467F-8253-33B966C16886\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog\",\"source\":\"security@debian.org\",\"tags\":[\"Broken Link\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/101810\",\"source\":\"security@debian.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://usn.ubuntu.com/usn/usn-3476-1/\",\"source\":\"security@debian.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-4029\",\"source\":\"security@debian.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/101810\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://usn.ubuntu.com/usn/usn-3476-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-4029\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]}]}}"
}
}
gsd-2017-8806
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-8806",
"description": "The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.",
"id": "GSD-2017-8806",
"references": [
"https://www.debian.org/security/2017/dsa-4029",
"https://ubuntu.com/security/CVE-2017-8806"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-8806"
],
"details": "The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.",
"id": "GSD-2017-8806",
"modified": "2023-12-13T01:21:08.993519Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2017-8806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PostgreSQL-related scripts that are specific to Debian and Ubuntu",
"version": {
"version_data": [
{
"version_value": "PostgreSQL-related scripts that are specific to Debian and Ubuntu"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "handled symbolic links insecurely"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog",
"refsource": "CONFIRM",
"url": "http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog"
},
{
"name": "101810",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101810"
},
{
"name": "https://usn.ubuntu.com/usn/usn-3476-1/",
"refsource": "CONFIRM",
"url": "https://usn.ubuntu.com/usn/usn-3476-1/"
},
{
"name": "https://www.debian.org/security/2017/dsa-4029",
"refsource": "CONFIRM",
"url": "https://www.debian.org/security/2017/dsa-4029"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postgresql:postgresql:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC070DF-4131-43BA-B975-907023E0D39F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
"matchCriteriaId": "588D4F37-0A56-47A4-B710-4D5F3D214FB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files."
},
{
"lang": "es",
"value": "Los scripts de Debian pg_ctlcluster, pg_createcluster y pg_upgradecluster, tal y como se distribuyen en el paquete de Debian postgresql-common anterior a 181+deb9u1 para PostgreSQL (y otros paquetes relacionados con Debian y Ubuntu), manipularon v\u00ednculos simb\u00f3licos de forma no segura, lo que podr\u00eda desembocar en una denegaci\u00f3n de servicio local sobrescribiendo archivos arbitrarios."
}
],
"id": "CVE-2017-8806",
"lastModified": "2024-04-01T15:50:53.473",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-13T09:29:00.403",
"references": [
{
"source": "security@debian.org",
"tags": [
"Broken Link",
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog"
},
{
"source": "security@debian.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101810"
},
{
"source": "security@debian.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-3476-1/"
},
{
"source": "security@debian.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4029"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
fkie_cve-2017-8806
Vulnerability from fkie_nvd
Published
2017-11-13 09:29
Modified
2025-04-20 01:37
Severity ?
Summary
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
References
| Source | URL | Tags | |
|---|---|---|---|
| security@debian.org | http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog | Broken Link, Issue Tracking, Third Party Advisory | |
| security@debian.org | http://www.securityfocus.com/bid/101810 | Broken Link, Third Party Advisory, VDB Entry | |
| security@debian.org | https://usn.ubuntu.com/usn/usn-3476-1/ | Issue Tracking, Third Party Advisory | |
| security@debian.org | https://www.debian.org/security/2017/dsa-4029 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog | Broken Link, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101810 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/usn/usn-3476-1/ | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-4029 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postgresql | postgresql | - | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.04 | |
| canonical | ubuntu_linux | 17.10 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postgresql:postgresql:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC070DF-4131-43BA-B975-907023E0D39F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
"matchCriteriaId": "588D4F37-0A56-47A4-B710-4D5F3D214FB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files."
},
{
"lang": "es",
"value": "Los scripts de Debian pg_ctlcluster, pg_createcluster y pg_upgradecluster, tal y como se distribuyen en el paquete de Debian postgresql-common anterior a 181+deb9u1 para PostgreSQL (y otros paquetes relacionados con Debian y Ubuntu), manipularon v\u00ednculos simb\u00f3licos de forma no segura, lo que podr\u00eda desembocar en una denegaci\u00f3n de servicio local sobrescribiendo archivos arbitrarios."
}
],
"id": "CVE-2017-8806",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-13T09:29:00.403",
"references": [
{
"source": "security@debian.org",
"tags": [
"Broken Link",
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog"
},
{
"source": "security@debian.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101810"
},
{
"source": "security@debian.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-3476-1/"
},
{
"source": "security@debian.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-3476-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4029"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cnvd-2017-36489
Vulnerability from cnvd
Title
Debian postgresql-common包和Ubuntu postgresql-common拒绝服务漏洞
Description
Ubuntu是英国科能(Canonical)公司和Ubuntu基金会共同开发的一套以桌面应用为主的GNU/Linux操作系统。Debian postgresql-common package是一个使用在Linux中的关系型数据库集群管理软件包。pg_ctlcluster、pg_createcluster和pg_upgradecluster都是其中的脚本。
Debian postgresql-common包181+deb9u1之前的版本和Ubuntu中的postgresql-common包的Debian pg_ctlcluster、pg_createcluster和pg_upgradecluster脚本存在安全漏洞。本地攻击者可通过覆盖任意文件利用该漏洞造成拒绝服务。
Severity
低
VLAI Severity ?
Patch Name
Debian postgresql-common包和Ubuntu postgresql-common拒绝服务漏洞的补丁
Patch Description
Ubuntu是英国科能(Canonical)公司和Ubuntu基金会共同开发的一套以桌面应用为主的GNU/Linux操作系统。Debian postgresql-common package是一个使用在Linux中的关系型数据库集群管理软件包。pg_ctlcluster、pg_createcluster和pg_upgradecluster都是其中的脚本。
Debian postgresql-common包181+deb9u1之前的版本和Ubuntu中的postgresql-common包的Debian pg_ctlcluster、pg_createcluster和pg_upgradecluster脚本存在安全漏洞。本地攻击者可通过覆盖任意文件利用该漏洞造成拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://www.debian.org/security/2017/dsa-4029
Reference
https://www.debian.org/security/2017/dsa-4029
Impacted products
| Name | Ubuntu Ubuntu 16.04 LTS, Ubuntu Ubuntu 14.04 LTS, Ubuntu Ubuntu 17.10, Ubuntu Ubuntu 17.04, Debian postgresql-common 181 |
|---|---|
{
"bids": {
"bid": {
"bidNumber": "101810"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2017-8806"
}
},
"description": "Ubuntu\u662f\u82f1\u56fd\u79d1\u80fd\uff08Canonical\uff09\u516c\u53f8\u548cUbuntu\u57fa\u91d1\u4f1a\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5\u684c\u9762\u5e94\u7528\u4e3a\u4e3b\u7684GNU/Linux\u64cd\u4f5c\u7cfb\u7edf\u3002Debian postgresql-common package\u662f\u4e00\u4e2a\u4f7f\u7528\u5728Linux\u4e2d\u7684\u5173\u7cfb\u578b\u6570\u636e\u5e93\u96c6\u7fa4\u7ba1\u7406\u8f6f\u4ef6\u5305\u3002pg_ctlcluster\u3001pg_createcluster\u548cpg_upgradecluster\u90fd\u662f\u5176\u4e2d\u7684\u811a\u672c\u3002\r\n\r\nDebian postgresql-common\u5305181+deb9u1\u4e4b\u524d\u7684\u7248\u672c\u548cUbuntu\u4e2d\u7684postgresql-common\u5305\u7684Debian pg_ctlcluster\u3001pg_createcluster\u548cpg_upgradecluster\u811a\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8986\u76d6\u4efb\u610f\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "Christoph Berg",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.debian.org/security/2017/dsa-4029",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-36489",
"openTime": "2017-12-07",
"patchDescription": "Ubuntu\u662f\u82f1\u56fd\u79d1\u80fd\uff08Canonical\uff09\u516c\u53f8\u548cUbuntu\u57fa\u91d1\u4f1a\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5\u684c\u9762\u5e94\u7528\u4e3a\u4e3b\u7684GNU/Linux\u64cd\u4f5c\u7cfb\u7edf\u3002Debian postgresql-common package\u662f\u4e00\u4e2a\u4f7f\u7528\u5728Linux\u4e2d\u7684\u5173\u7cfb\u578b\u6570\u636e\u5e93\u96c6\u7fa4\u7ba1\u7406\u8f6f\u4ef6\u5305\u3002pg_ctlcluster\u3001pg_createcluster\u548cpg_upgradecluster\u90fd\u662f\u5176\u4e2d\u7684\u811a\u672c\u3002\r\n\r\nDebian postgresql-common\u5305181+deb9u1\u4e4b\u524d\u7684\u7248\u672c\u548cUbuntu\u4e2d\u7684postgresql-common\u5305\u7684Debian pg_ctlcluster\u3001pg_createcluster\u548cpg_upgradecluster\u811a\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8986\u76d6\u4efb\u610f\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Debian postgresql-common\u5305\u548cUbuntu postgresql-common\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Ubuntu Ubuntu 16.04 LTS",
"Ubuntu Ubuntu 14.04 LTS",
"Ubuntu Ubuntu 17.10",
"Ubuntu Ubuntu 17.04",
"Debian postgresql-common 181"
]
},
"referenceLink": "https://www.debian.org/security/2017/dsa-4029",
"serverity": "\u4f4e",
"submitTime": "2017-11-13",
"title": "Debian postgresql-common\u5305\u548cUbuntu postgresql-common\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
ghsa-xg92-g8h7-v7r4
Vulnerability from github
Published
2022-05-17 00:17
Modified
2024-04-01 18:30
Severity ?
VLAI Severity ?
Details
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
{
"affected": [],
"aliases": [
"CVE-2017-8806"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-13T09:29:00Z",
"severity": "MODERATE"
},
"details": "The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.",
"id": "GHSA-xg92-g8h7-v7r4",
"modified": "2024-04-01T18:30:52Z",
"published": "2022-05-17T00:17:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8806"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/usn/usn-3476-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-4029"
},
{
"type": "WEB",
"url": "http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101810"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
WID-SEC-W-2024-0143
Vulnerability from csaf_certbund
Published
2017-11-09 23:00
Modified
2024-12-23 23:00
Summary
PostgreSQL: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
PostgreSQL ist eine frei verfügbare Datenbank für unterschiedliche Betriebssysteme.
Angriff
Ein lokaler oder entfernter authentisierter Angreifer kann mehrere Schwachstellen in PostgreSQL ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Daten einzusehen, Daten zu manipulieren, einen Denial of Service auszulösen oder Sicherheitsmechanismen zu umgehen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "PostgreSQL ist eine frei verf\u00fcgbare Datenbank f\u00fcr unterschiedliche Betriebssysteme.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler oder entfernter authenitisierter Angreifer kann mehrere Schwachstellen in PostgreSQL ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Daten einzusehen, Daten zu manipulieren, einen Denial of Serivce auszul\u00f6sen oder Sicherheitsmechanismen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0143 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2024-0143.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0143 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0143"
},
{
"category": "external",
"summary": "PostgreSQL Release Notes vom 2017-11-09",
"url": "https://www.postgresql.org/about/news/1801/"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4027-1 vom 2017-11-09",
"url": "https://www.debian.org/security/2017/dsa-4027"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4028-1 vom 2017-11-09",
"url": "https://www.debian.org/security/2017/dsa-4028"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4029-1 vom 2017-11-09",
"url": "https://www.debian.org/security/2017/dsa-4029"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3476-1 vom 2017-11-09",
"url": "https://usn.ubuntu.com/usn/usn-3476-1/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3479-1 vom 2017-11-14",
"url": "http://www.ubuntu.com/usn/usn-3479-1/"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2017-3402 vom 2017-12-08",
"url": "http://linux.oracle.com/errata/ELSA-2017-3402.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:3405 vom 2017-12-08",
"url": "https://access.redhat.com/errata/RHSA-2017:3405"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:3404 vom 2017-12-08",
"url": "https://access.redhat.com/errata/RHSA-2017:3404"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2017:3402 vom 2017-12-11",
"url": "https://lwn.net/Alerts/741098"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:3402 vom 2017-12-08",
"url": "https://access.redhat.com/errata/RHSA-2017:3402"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:3391-1 vom 2017-12-21",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20173391-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:0077-1 vom 2018-01-12",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180077-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:0081-1 vom 2018-01-13",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180081-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2511 vom 2018-08-20",
"url": "http://rhn.redhat.com/errata/RHSA-2018-2511.html"
},
{
"category": "external",
"summary": "RedHat Security Advisory RHSA-2018:2566",
"url": "https://access.redhat.com/errata/RHSA-2018:2566"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7108821 vom 2024-01-17",
"url": "https://www.ibm.com/support/pages/node/7108821"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-10882 vom 2024-12-24",
"url": "https://linux.oracle.com/errata/ELSA-2024-10882.html"
}
],
"source_lang": "en-US",
"title": "PostgreSQL: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-12-23T23:00:00.000+00:00",
"generator": {
"date": "2024-12-24T10:02:35.063+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-0143",
"initial_release_date": "2017-11-09T23:00:00.000+00:00",
"revision_history": [
{
"date": "2017-11-09T23:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2017-11-09T23:00:00.000+00:00",
"number": "2",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-11-09T23:00:00.000+00:00",
"number": "3",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-11-09T23:00:00.000+00:00",
"number": "4",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-11-14T23:00:00.000+00:00",
"number": "5",
"summary": "New remediations available"
},
{
"date": "2017-11-27T23:00:00.000+00:00",
"number": "6",
"summary": "Added references"
},
{
"date": "2017-12-07T23:00:00.000+00:00",
"number": "7",
"summary": "New remediations available"
},
{
"date": "2017-12-11T23:00:00.000+00:00",
"number": "8",
"summary": "New remediations available"
},
{
"date": "2017-12-11T23:00:00.000+00:00",
"number": "9",
"summary": "New remediations available"
},
{
"date": "2017-12-21T23:00:00.000+00:00",
"number": "10",
"summary": "New remediations available"
},
{
"date": "2018-01-14T23:00:00.000+00:00",
"number": "11",
"summary": "New remediations available"
},
{
"date": "2018-01-14T23:00:00.000+00:00",
"number": "12",
"summary": "New remediations available"
},
{
"date": "2018-08-20T22:00:00.000+00:00",
"number": "13",
"summary": "New remediations available"
},
{
"date": "2018-08-20T22:00:00.000+00:00",
"number": "14",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-08-20T22:00:00.000+00:00",
"number": "15",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-08-26T22:00:00.000+00:00",
"number": "16",
"summary": "New remediations available"
},
{
"date": "2024-01-17T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-12-23T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "18"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "10.0.0.0-10.0.6.1",
"product": {
"name": "IBM Security Verify Access 10.0.0.0-10.0.6.1",
"product_id": "T031895",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_verify_access:10.0.0.0_-_10.0.6.1"
}
}
}
],
"category": "product_name",
"name": "Security Verify Access"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "9.2.24",
"product": {
"name": "Open Source PostgreSQL 9.2.24",
"product_id": "T011196",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:9.2.24"
}
}
},
{
"category": "product_version",
"name": "10.1",
"product": {
"name": "Open Source PostgreSQL 10.1",
"product_id": "T011197",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:10.1"
}
}
},
{
"category": "product_version",
"name": "9.6.6",
"product": {
"name": "Open Source PostgreSQL 9.6.6",
"product_id": "T011198",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:9.6.6"
}
}
},
{
"category": "product_version",
"name": "9.5.10",
"product": {
"name": "Open Source PostgreSQL 9.5.10",
"product_id": "T011199",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:9.5.10"
}
}
},
{
"category": "product_version",
"name": "9.4.15",
"product": {
"name": "Open Source PostgreSQL 9.4.15",
"product_id": "T011200",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:9.4.15"
}
}
},
{
"category": "product_version",
"name": "9.3.20",
"product": {
"name": "Open Source PostgreSQL 9.3.20",
"product_id": "T011201",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:9.3.20"
}
}
}
],
"category": "product_name",
"name": "PostgreSQL"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-1255",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in PostgreSQL. Die Schwachstelle besteht in einem Fehler bei der Behandlung von Symlinks in postgresql-common im pg_ctlcluster Script. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern."
}
],
"product_status": {
"known_affected": [
"T031895",
"67646",
"T011199",
"T011198",
"T011201",
"T011200",
"T004914",
"T011197",
"T011196",
"2951",
"T002207",
"T000126",
"1727"
]
},
"release_date": "2017-11-09T23:00:00.000+00:00",
"title": "CVE-2016-1255"
},
{
"cve": "CVE-2017-12172",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in PostgreSQL. Ein Angreifer mit den Privilegien der Datenbank kann dieses nutzen und einen Symlink von einer $PGLOG Datei auf seine Zieldatei erzeugen. In der Folge ist eine Manipulation der Zieldatei m\u00f6glich."
}
],
"product_status": {
"known_affected": [
"T031895",
"67646",
"T011199",
"T011198",
"T011201",
"T011200",
"T004914",
"T011197",
"T011196",
"2951",
"T002207",
"T000126",
"1727"
]
},
"release_date": "2017-11-09T23:00:00.000+00:00",
"title": "CVE-2017-12172"
},
{
"cve": "CVE-2017-15097",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in PostgreSQL. Ein Angreifer mit den Privilegien der Datenbank kann dieses nutzen und einen Symlink von einer $PGLOG Datei auf seine Zieldatei erzeugen. In der Folge ist eine Manipulation der Zieldatei m\u00f6glich."
}
],
"product_status": {
"known_affected": [
"T031895",
"67646",
"T011199",
"T011198",
"T011201",
"T011200",
"T004914",
"T011197",
"T011196",
"2951",
"T002207",
"T000126",
"1727"
]
},
"release_date": "2017-11-09T23:00:00.000+00:00",
"title": "CVE-2017-15097"
},
{
"cve": "CVE-2017-15098",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in PostgreSQL. Die Schwachstellen bestehen in den Funktionen json_populate_recordset() und jsonb_populate_recordset(). Ein Angreifer kann dieses zu einem Denial of Service Angriff oder zur Einsicht in vertrauliche Daten nutzen."
}
],
"product_status": {
"known_affected": [
"T031895",
"67646",
"T011199",
"T011198",
"T011201",
"T011200",
"T004914",
"T011197",
"T011196",
"2951",
"T002207",
"T000126",
"1727"
]
},
"release_date": "2017-11-09T23:00:00.000+00:00",
"title": "CVE-2017-15098"
},
{
"cve": "CVE-2017-15099",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in PostgreSQL. Die Schwachstelle beruht auf einem Fehler in der \"INSERT ... ON CONFLICT DO UPDATE\" Funktion. Ein Angreifer kann dieses nutzen und Sicherheitsmechanismen umgehen."
}
],
"product_status": {
"known_affected": [
"T031895",
"67646",
"T011199",
"T011198",
"T011201",
"T011200",
"T004914",
"T011197",
"T011196",
"2951",
"T002207",
"T000126",
"1727"
]
},
"release_date": "2017-11-09T23:00:00.000+00:00",
"title": "CVE-2017-15099"
},
{
"cve": "CVE-2017-8806",
"notes": [
{
"category": "description",
"text": "Es existiert eine nicht n\u00e4her beschriebene Schwachstelle in PostgreSQL. Ein Angreifer kann diese zu einem Denial of Service Angriff und m\u00f6glicherweise zur Erweiterung seiner Privilegien nutzen."
}
],
"product_status": {
"known_affected": [
"T031895",
"67646",
"T011199",
"T011198",
"T011201",
"T011200",
"T004914",
"T011197",
"T011196",
"2951",
"T002207",
"T000126",
"1727"
]
},
"release_date": "2017-11-09T23:00:00.000+00:00",
"title": "CVE-2017-8806"
}
]
}
wid-sec-w-2024-0143
Vulnerability from csaf_certbund
Published
2017-11-09 23:00
Modified
2024-12-23 23:00
Summary
PostgreSQL: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
PostgreSQL ist eine frei verfügbare Datenbank für unterschiedliche Betriebssysteme.
Angriff
Ein lokaler oder entfernter authentisierter Angreifer kann mehrere Schwachstellen in PostgreSQL ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Daten einzusehen, Daten zu manipulieren, einen Denial of Service auszulösen oder Sicherheitsmechanismen zu umgehen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "PostgreSQL ist eine frei verf\u00fcgbare Datenbank f\u00fcr unterschiedliche Betriebssysteme.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler oder entfernter authenitisierter Angreifer kann mehrere Schwachstellen in PostgreSQL ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Daten einzusehen, Daten zu manipulieren, einen Denial of Serivce auszul\u00f6sen oder Sicherheitsmechanismen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0143 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2024-0143.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0143 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0143"
},
{
"category": "external",
"summary": "PostgreSQL Release Notes vom 2017-11-09",
"url": "https://www.postgresql.org/about/news/1801/"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4027-1 vom 2017-11-09",
"url": "https://www.debian.org/security/2017/dsa-4027"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4028-1 vom 2017-11-09",
"url": "https://www.debian.org/security/2017/dsa-4028"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4029-1 vom 2017-11-09",
"url": "https://www.debian.org/security/2017/dsa-4029"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3476-1 vom 2017-11-09",
"url": "https://usn.ubuntu.com/usn/usn-3476-1/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3479-1 vom 2017-11-14",
"url": "http://www.ubuntu.com/usn/usn-3479-1/"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2017-3402 vom 2017-12-08",
"url": "http://linux.oracle.com/errata/ELSA-2017-3402.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:3405 vom 2017-12-08",
"url": "https://access.redhat.com/errata/RHSA-2017:3405"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:3404 vom 2017-12-08",
"url": "https://access.redhat.com/errata/RHSA-2017:3404"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2017:3402 vom 2017-12-11",
"url": "https://lwn.net/Alerts/741098"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:3402 vom 2017-12-08",
"url": "https://access.redhat.com/errata/RHSA-2017:3402"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:3391-1 vom 2017-12-21",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20173391-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:0077-1 vom 2018-01-12",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180077-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:0081-1 vom 2018-01-13",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180081-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2511 vom 2018-08-20",
"url": "http://rhn.redhat.com/errata/RHSA-2018-2511.html"
},
{
"category": "external",
"summary": "RedHat Security Advisory RHSA-2018:2566",
"url": "https://access.redhat.com/errata/RHSA-2018:2566"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7108821 vom 2024-01-17",
"url": "https://www.ibm.com/support/pages/node/7108821"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-10882 vom 2024-12-24",
"url": "https://linux.oracle.com/errata/ELSA-2024-10882.html"
}
],
"source_lang": "en-US",
"title": "PostgreSQL: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-12-23T23:00:00.000+00:00",
"generator": {
"date": "2024-12-24T10:02:35.063+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-0143",
"initial_release_date": "2017-11-09T23:00:00.000+00:00",
"revision_history": [
{
"date": "2017-11-09T23:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2017-11-09T23:00:00.000+00:00",
"number": "2",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-11-09T23:00:00.000+00:00",
"number": "3",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-11-09T23:00:00.000+00:00",
"number": "4",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-11-14T23:00:00.000+00:00",
"number": "5",
"summary": "New remediations available"
},
{
"date": "2017-11-27T23:00:00.000+00:00",
"number": "6",
"summary": "Added references"
},
{
"date": "2017-12-07T23:00:00.000+00:00",
"number": "7",
"summary": "New remediations available"
},
{
"date": "2017-12-11T23:00:00.000+00:00",
"number": "8",
"summary": "New remediations available"
},
{
"date": "2017-12-11T23:00:00.000+00:00",
"number": "9",
"summary": "New remediations available"
},
{
"date": "2017-12-21T23:00:00.000+00:00",
"number": "10",
"summary": "New remediations available"
},
{
"date": "2018-01-14T23:00:00.000+00:00",
"number": "11",
"summary": "New remediations available"
},
{
"date": "2018-01-14T23:00:00.000+00:00",
"number": "12",
"summary": "New remediations available"
},
{
"date": "2018-08-20T22:00:00.000+00:00",
"number": "13",
"summary": "New remediations available"
},
{
"date": "2018-08-20T22:00:00.000+00:00",
"number": "14",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-08-20T22:00:00.000+00:00",
"number": "15",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-08-26T22:00:00.000+00:00",
"number": "16",
"summary": "New remediations available"
},
{
"date": "2024-01-17T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-12-23T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "18"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "10.0.0.0-10.0.6.1",
"product": {
"name": "IBM Security Verify Access 10.0.0.0-10.0.6.1",
"product_id": "T031895",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_verify_access:10.0.0.0_-_10.0.6.1"
}
}
}
],
"category": "product_name",
"name": "Security Verify Access"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "9.2.24",
"product": {
"name": "Open Source PostgreSQL 9.2.24",
"product_id": "T011196",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:9.2.24"
}
}
},
{
"category": "product_version",
"name": "10.1",
"product": {
"name": "Open Source PostgreSQL 10.1",
"product_id": "T011197",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:10.1"
}
}
},
{
"category": "product_version",
"name": "9.6.6",
"product": {
"name": "Open Source PostgreSQL 9.6.6",
"product_id": "T011198",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:9.6.6"
}
}
},
{
"category": "product_version",
"name": "9.5.10",
"product": {
"name": "Open Source PostgreSQL 9.5.10",
"product_id": "T011199",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:9.5.10"
}
}
},
{
"category": "product_version",
"name": "9.4.15",
"product": {
"name": "Open Source PostgreSQL 9.4.15",
"product_id": "T011200",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:9.4.15"
}
}
},
{
"category": "product_version",
"name": "9.3.20",
"product": {
"name": "Open Source PostgreSQL 9.3.20",
"product_id": "T011201",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:9.3.20"
}
}
}
],
"category": "product_name",
"name": "PostgreSQL"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-1255",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in PostgreSQL. Die Schwachstelle besteht in einem Fehler bei der Behandlung von Symlinks in postgresql-common im pg_ctlcluster Script. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern."
}
],
"product_status": {
"known_affected": [
"T031895",
"67646",
"T011199",
"T011198",
"T011201",
"T011200",
"T004914",
"T011197",
"T011196",
"2951",
"T002207",
"T000126",
"1727"
]
},
"release_date": "2017-11-09T23:00:00.000+00:00",
"title": "CVE-2016-1255"
},
{
"cve": "CVE-2017-12172",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in PostgreSQL. Ein Angreifer mit den Privilegien der Datenbank kann dieses nutzen und einen Symlink von einer $PGLOG Datei auf seine Zieldatei erzeugen. In der Folge ist eine Manipulation der Zieldatei m\u00f6glich."
}
],
"product_status": {
"known_affected": [
"T031895",
"67646",
"T011199",
"T011198",
"T011201",
"T011200",
"T004914",
"T011197",
"T011196",
"2951",
"T002207",
"T000126",
"1727"
]
},
"release_date": "2017-11-09T23:00:00.000+00:00",
"title": "CVE-2017-12172"
},
{
"cve": "CVE-2017-15097",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in PostgreSQL. Ein Angreifer mit den Privilegien der Datenbank kann dieses nutzen und einen Symlink von einer $PGLOG Datei auf seine Zieldatei erzeugen. In der Folge ist eine Manipulation der Zieldatei m\u00f6glich."
}
],
"product_status": {
"known_affected": [
"T031895",
"67646",
"T011199",
"T011198",
"T011201",
"T011200",
"T004914",
"T011197",
"T011196",
"2951",
"T002207",
"T000126",
"1727"
]
},
"release_date": "2017-11-09T23:00:00.000+00:00",
"title": "CVE-2017-15097"
},
{
"cve": "CVE-2017-15098",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in PostgreSQL. Die Schwachstellen bestehen in den Funktionen json_populate_recordset() und jsonb_populate_recordset(). Ein Angreifer kann dieses zu einem Denial of Service Angriff oder zur Einsicht in vertrauliche Daten nutzen."
}
],
"product_status": {
"known_affected": [
"T031895",
"67646",
"T011199",
"T011198",
"T011201",
"T011200",
"T004914",
"T011197",
"T011196",
"2951",
"T002207",
"T000126",
"1727"
]
},
"release_date": "2017-11-09T23:00:00.000+00:00",
"title": "CVE-2017-15098"
},
{
"cve": "CVE-2017-15099",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in PostgreSQL. Die Schwachstelle beruht auf einem Fehler in der \"INSERT ... ON CONFLICT DO UPDATE\" Funktion. Ein Angreifer kann dieses nutzen und Sicherheitsmechanismen umgehen."
}
],
"product_status": {
"known_affected": [
"T031895",
"67646",
"T011199",
"T011198",
"T011201",
"T011200",
"T004914",
"T011197",
"T011196",
"2951",
"T002207",
"T000126",
"1727"
]
},
"release_date": "2017-11-09T23:00:00.000+00:00",
"title": "CVE-2017-15099"
},
{
"cve": "CVE-2017-8806",
"notes": [
{
"category": "description",
"text": "Es existiert eine nicht n\u00e4her beschriebene Schwachstelle in PostgreSQL. Ein Angreifer kann diese zu einem Denial of Service Angriff und m\u00f6glicherweise zur Erweiterung seiner Privilegien nutzen."
}
],
"product_status": {
"known_affected": [
"T031895",
"67646",
"T011199",
"T011198",
"T011201",
"T011200",
"T004914",
"T011197",
"T011196",
"2951",
"T002207",
"T000126",
"1727"
]
},
"release_date": "2017-11-09T23:00:00.000+00:00",
"title": "CVE-2017-8806"
}
]
}
CERTFR-2025-AVI-0524
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description |
|---|---|---|
| VMware | Tanzu Greenplum | Tanzu Greenplum Data Copy Utility versions antérieures à 2.8.0 |
| VMware | Tanzu | Tanzu Data Lake versions antérieures à 1.1.0 |
| VMware | Tanzu | Tanzu pour Postgres sur Kubernetes versions antérieures à 4.1.0 et 4.2.0 |
| VMware | Tanzu Greenplum | Tanzu Greenplum Command Center versions antérieures à 6.14.0 et 7.4.0 |
| VMware | Tanzu Greenplum | Tanzu Greenplum Backup and Restore versions antérieures à 1.31.1 |
| VMware | Tanzu Greenplum | Tanzu Greenplum Streaming Server versions antérieures à 2.1.0 |
| VMware | Tanzu Greenplum | Tanzu Greenplum versions 6.x antérieures à 6.29.1 |
| VMware | Tanzu Greenplum | Tanzu Greenplum versions 7.x antérieures à 7.5.0 |
| VMware | Tanzu | VMware Tanzu pour Valkey sur Kubernetes versions antérieures à 1.1.0 et 2.0.0 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu Greenplum Data Copy Utility versions ant\u00e9rieures \u00e0 2.8.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Data Lake versions ant\u00e9rieures \u00e0 1.1.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Postgres sur Kubernetes versions ant\u00e9rieures \u00e0 4.1.0 et 4.2.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Command Center versions ant\u00e9rieures \u00e0 6.14.0 et 7.4.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Backup and Restore versions ant\u00e9rieures \u00e0 1.31.1",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Streaming Server versions ant\u00e9rieures \u00e0 2.1.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions 6.x ant\u00e9rieures \u00e0 6.29.1",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions 7.x ant\u00e9rieures \u00e0 7.5.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu pour Valkey sur Kubernetes versions ant\u00e9rieures \u00e0 1.1.0 et 2.0.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2019-2126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2126"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2021-45943",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45943"
},
{
"name": "CVE-2021-34141",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34141"
},
{
"name": "CVE-2022-1941",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1941"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2022-41862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41862"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2022-40898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40898"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2023-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-4752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4752"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2023-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
},
{
"name": "CVE-2022-0543",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0543"
},
{
"name": "CVE-2023-4039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4039"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2023-4016",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4016"
},
{
"name": "CVE-2023-29383",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29383"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2024-1580",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1580"
},
{
"name": "CVE-2016-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2781"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"name": "CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"name": "CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"name": "CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"name": "CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2024-23807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23807"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
},
{
"name": "CVE-2024-26458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
},
{
"name": "CVE-2024-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2023-4641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4641"
},
{
"name": "CVE-2024-22365",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
},
{
"name": "CVE-2024-22667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22667"
},
{
"name": "CVE-2023-6228",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6228"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2024-24788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
},
{
"name": "CVE-2024-7348",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7348"
},
{
"name": "CVE-2023-7008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2022-48468",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48468"
},
{
"name": "CVE-2023-48161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2024-10976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10976"
},
{
"name": "CVE-2024-10977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10977"
},
{
"name": "CVE-2024-10978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10978"
},
{
"name": "CVE-2024-10979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10979"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2025-21490",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21490"
},
{
"name": "CVE-2025-21491",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21491"
},
{
"name": "CVE-2025-21497",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21497"
},
{
"name": "CVE-2025-21500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21500"
},
{
"name": "CVE-2025-21501",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21501"
},
{
"name": "CVE-2025-21503",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21503"
},
{
"name": "CVE-2025-21505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21505"
},
{
"name": "CVE-2025-21519",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21519"
},
{
"name": "CVE-2025-21522",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21522"
},
{
"name": "CVE-2025-21523",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21523"
},
{
"name": "CVE-2025-21529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21529"
},
{
"name": "CVE-2025-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21540"
},
{
"name": "CVE-2025-21546",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21546"
},
{
"name": "CVE-2025-21555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21555"
},
{
"name": "CVE-2025-21559",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21559"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2023-24531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2022-42967",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42967"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2024-2236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
},
{
"name": "CVE-2025-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
},
{
"name": "CVE-2025-1390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1390"
},
{
"name": "CVE-2025-31115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31115"
},
{
"name": "CVE-2012-0880",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0880"
},
{
"name": "CVE-2017-17507",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17507"
},
{
"name": "CVE-2017-8806",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8806"
},
{
"name": "CVE-2018-10126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10126"
},
{
"name": "CVE-2018-11205",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11205"
},
{
"name": "CVE-2018-13866",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13866"
},
{
"name": "CVE-2018-13867",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13867"
},
{
"name": "CVE-2018-13868",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13868"
},
{
"name": "CVE-2018-13869",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13869"
},
{
"name": "CVE-2018-13870",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13870"
},
{
"name": "CVE-2018-13871",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13871"
},
{
"name": "CVE-2018-13872",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13872"
},
{
"name": "CVE-2018-13874",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13874"
},
{
"name": "CVE-2018-13875",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13875"
},
{
"name": "CVE-2018-13876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13876"
},
{
"name": "CVE-2018-14031",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14031"
},
{
"name": "CVE-2018-14033",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14033"
},
{
"name": "CVE-2018-14034",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14034"
},
{
"name": "CVE-2018-14035",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14035"
},
{
"name": "CVE-2018-14460",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14460"
},
{
"name": "CVE-2018-15671",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15671"
},
{
"name": "CVE-2018-16438",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16438"
},
{
"name": "CVE-2018-17432",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17432"
},
{
"name": "CVE-2018-17433",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17433"
},
{
"name": "CVE-2018-17434",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17434"
},
{
"name": "CVE-2018-17435",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17435"
},
{
"name": "CVE-2018-17436",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17436"
},
{
"name": "CVE-2018-17437",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17437"
},
{
"name": "CVE-2018-17438",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17438"
},
{
"name": "CVE-2018-17439",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17439"
},
{
"name": "CVE-2019-20005",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20005"
},
{
"name": "CVE-2019-20006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20006"
},
{
"name": "CVE-2019-20007",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20007"
},
{
"name": "CVE-2019-20198",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20198"
},
{
"name": "CVE-2019-20199",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20199"
},
{
"name": "CVE-2019-20200",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20200"
},
{
"name": "CVE-2019-20201",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20201"
},
{
"name": "CVE-2019-20202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20202"
},
{
"name": "CVE-2019-6988",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6988"
},
{
"name": "CVE-2019-8396",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8396"
},
{
"name": "CVE-2019-8397",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8397"
},
{
"name": "CVE-2019-8398",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8398"
},
{
"name": "CVE-2019-9151",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9151"
},
{
"name": "CVE-2019-9152",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9152"
},
{
"name": "CVE-2020-10809",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10809"
},
{
"name": "CVE-2020-10810",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10810"
},
{
"name": "CVE-2020-10811",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10811"
},
{
"name": "CVE-2020-10812",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10812"
},
{
"name": "CVE-2020-18232",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18232"
},
{
"name": "CVE-2020-18494",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18494"
},
{
"name": "CVE-2021-26220",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26220"
},
{
"name": "CVE-2021-26221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26221"
},
{
"name": "CVE-2021-26222",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26222"
},
{
"name": "CVE-2021-30485",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30485"
},
{
"name": "CVE-2021-31229",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31229"
},
{
"name": "CVE-2021-31347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31347"
},
{
"name": "CVE-2021-31348",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31348"
},
{
"name": "CVE-2021-31598",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31598"
},
{
"name": "CVE-2021-33430",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33430"
},
{
"name": "CVE-2021-37501",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37501"
},
{
"name": "CVE-2021-45829",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45829"
},
{
"name": "CVE-2021-45830",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45830"
},
{
"name": "CVE-2021-45832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45832"
},
{
"name": "CVE-2021-45833",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45833"
},
{
"name": "CVE-2021-46242",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46242"
},
{
"name": "CVE-2021-46243",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46243"
},
{
"name": "CVE-2021-46244",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46244"
},
{
"name": "CVE-2022-25942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25942"
},
{
"name": "CVE-2022-25972",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25972"
},
{
"name": "CVE-2022-26061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26061"
},
{
"name": "CVE-2022-30045",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30045"
},
{
"name": "CVE-2022-4055",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4055"
},
{
"name": "CVE-2022-47655",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47655"
},
{
"name": "CVE-2023-0996",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0996"
},
{
"name": "CVE-2023-29659",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29659"
},
{
"name": "CVE-2023-32570",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32570"
},
{
"name": "CVE-2023-39328",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39328"
},
{
"name": "CVE-2023-39329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39329"
},
{
"name": "CVE-2023-51792",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51792"
},
{
"name": "CVE-2023-6879",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6879"
},
{
"name": "CVE-2024-27304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27304"
},
{
"name": "CVE-2024-29157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29157"
},
{
"name": "CVE-2024-29158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29158"
},
{
"name": "CVE-2024-29159",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29159"
},
{
"name": "CVE-2024-29160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29160"
},
{
"name": "CVE-2024-29161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29161"
},
{
"name": "CVE-2024-29162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29162"
},
{
"name": "CVE-2024-29163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29163"
},
{
"name": "CVE-2024-29164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29164"
},
{
"name": "CVE-2024-29165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29165"
},
{
"name": "CVE-2024-29166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29166"
},
{
"name": "CVE-2024-32605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32605"
},
{
"name": "CVE-2024-32606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32606"
},
{
"name": "CVE-2024-32607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32607"
},
{
"name": "CVE-2024-32608",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32608"
},
{
"name": "CVE-2024-32609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32609"
},
{
"name": "CVE-2024-32610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32610"
},
{
"name": "CVE-2024-32611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32611"
},
{
"name": "CVE-2024-32612",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32612"
},
{
"name": "CVE-2024-32613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32613"
},
{
"name": "CVE-2024-32614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32614"
},
{
"name": "CVE-2024-32615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32615"
},
{
"name": "CVE-2024-32616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32616"
},
{
"name": "CVE-2024-32617",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32617"
},
{
"name": "CVE-2024-32618",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32618"
},
{
"name": "CVE-2024-32619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32619"
},
{
"name": "CVE-2024-32620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32620"
},
{
"name": "CVE-2024-32621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32621"
},
{
"name": "CVE-2024-32622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32622"
},
{
"name": "CVE-2024-32623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32623"
},
{
"name": "CVE-2024-32624",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32624"
},
{
"name": "CVE-2024-33873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33873"
},
{
"name": "CVE-2024-33874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33874"
},
{
"name": "CVE-2024-33875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33875"
},
{
"name": "CVE-2024-33876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33876"
},
{
"name": "CVE-2024-33877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33877"
},
{
"name": "CVE-2024-34402",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34402"
},
{
"name": "CVE-2024-34403",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34403"
},
{
"name": "CVE-2024-38949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38949"
},
{
"name": "CVE-2024-38950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38950"
},
{
"name": "CVE-2024-41996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41996"
},
{
"name": "CVE-2024-45993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45993"
},
{
"name": "CVE-2024-46981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46981"
},
{
"name": "CVE-2024-49203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49203"
},
{
"name": "CVE-2024-5171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5171"
},
{
"name": "CVE-2024-51741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51741"
},
{
"name": "CVE-2024-52522",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52522"
},
{
"name": "CVE-2024-52616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52616"
},
{
"name": "CVE-2024-53427",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
},
{
"name": "CVE-2024-53920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53920"
},
{
"name": "CVE-2024-56378",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56378"
},
{
"name": "CVE-2024-56406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56406"
},
{
"name": "CVE-2024-56826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56826"
},
{
"name": "CVE-2024-56827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56827"
},
{
"name": "CVE-2024-6716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6716"
},
{
"name": "CVE-2025-2153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2153"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-23022",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23022"
},
{
"name": "CVE-2025-24528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
}
],
"initial_release_date": "2025-06-19T00:00:00",
"last_revision_date": "2025-06-19T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0524",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
"vendor_advisories": [
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35841",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35841"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35844",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35844"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35843",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35843"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35842",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35842"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35846",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35846"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35849",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35849"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35840",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35840"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35847",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35847"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35839",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35839"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35845",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35845"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35848",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35848"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.