Lucene search
RedhatCVELIST:CVE-2020-14349HistoryAug 24, 2020 - 12:32 p.m.
CVE-2020-14349
2020-08-2412:32:13
redhat
www.cve.org
1
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.
CNA Affected
[
{
"product": "PostgreSQL",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PostgreSQL versions before 12.4, before 11.9 and before 10.14"
}
]
}
]References
lists.opensuse.org/opensuse-security-announce/2020-08/msg00044.html
lists.opensuse.org/opensuse-security-announce/2020-08/msg00049.html
lists.opensuse.org/opensuse-security-announce/2020-08/msg00050.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00003.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00008.html
bugzilla.redhat.com/show_bug.cgi?id=1865744
security.gentoo.org/glsa/202008-13
security.netapp.com/advisory/ntap-20200918-0002/
usn.ubuntu.com/4472-1/
Related
openvas
openvas
PostgreSQL 10.x < 10.14, 11.x < 11.9, 12.x < 12.4 Search Path Vulnerability - Windows
2020-10-07 00:00:00
PostgreSQL 10.x < 10.14, 11.x < 11.9, 12.x < 12.4 Search Path Vulnerability - Linux
2020-10-07 00:00:00
Mageia: Security Advisory (MGASA-2020-0365)
2022-01-28 00:00:00
nvd
nvd
CVE-2020-14349
2020-08-24 13:15:10
CVE-2018-1058
2018-03-02 15:29:00
ubuntucve
ubuntucve
CVE-2020-14349
2020-08-17 00:00:00
CVE-2018-1058
2018-02-28 00:00:00
debiancve
debiancve
CVE-2020-14349
2020-08-24 13:15:10
CVE-2018-1058
2018-03-02 15:29:00
osv
osv
BIT-postgresql-2020-14349
2024-03-06 11:06:51
CVE-2020-14349
2020-08-24 13:15:10
CVE-2018-1058
2018-03-02 15:29:00
alpinelinux
alpinelinux
CVE-2020-14349
2020-08-24 13:15:10
CVE-2018-1058
2018-03-02 15:29:00
cve
cve
CVE-2020-14349
2020-08-24 13:15:10
CVE-2018-1058
2018-03-02 15:29:00
redhatcve
redhatcve
CVE-2020-14349
2020-08-13 12:43:35
CVE-2018-1058
2019-11-01 10:02:40
prion
prion
Sql injection
2020-08-24 13:15:00
Design/Logic Flaw
2018-03-02 15:29:00
mageia
mageia
Updated postgresql packages fix security vulnerabilities
2020-09-06 23:33:09
Updated postgresql9.4|6 packages fix security vulnerabilities
2018-11-16 01:04:32
nessus
nessus
EulerOS 2.0 SP8 : postgresql (EulerOS-SA-2020-2156)
2020-09-29 00:00:00
Amazon Linux AMI : postgresql93 / postgresql94,postgresql95,postgresql96 (ALAS-2018-990)
2018-04-06 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : PostgreSQL vulnerability (USN-3589-1)
2018-03-07 00:00:00
cbl_mariner
cbl_mariner
CVE-2020-14349 affecting package postgresql 12.1-3
2021-06-20 03:47:42
postgresql
postgresql
Vulnerability in core server (CVE-2020-14349)
2020-08-24 13:15:00
Vulnerability in client (CVE-2018-1058)
2018-03-02 15:29:00
kaspersky
kaspersky
KLA11938 Security vulnerability in PostgreSQL
2020-08-13 00:00:00
KLA11202 PE vulnerabilities in PostgreSQL
2018-01-03 00:00:00
veracode
veracode
SQL Injection
2020-09-07 02:40:01
Arbitrary Code Execution
2019-05-16 03:23:17
altlinux
altlinux
cvelist
cvelist
CVE-2018-1058
2018-03-01 00:00:00
archlinux
archlinux
[ASA-201803-9] postgresql: privilege escalation
2018-03-11 00:00:00
ubuntu
ubuntu
PostgreSQL vulnerability
2018-03-06 00:00:00
PostgreSQL vulnerabilities
2020-08-25 00:00:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2018-2.0-0031
2018-03-29 00:00:00
Important Photon OS Security Update - PHSA-2020-0137
2020-09-10 00:00:00
Important Photon OS Security Update - PHSA-2020-3.0-0137
2020-09-07 00:00:00
freebsd
freebsd
PostgreSQL vulnerabilities
2018-03-01 00:00:00
f5
f5
K000137875 : PostGreSQL vulnerability CVE-2018-1058
2023-12-12 00:00:00
amazon
amazon
Medium: postgresql93, postgresql94, postgresql95, postgresql96
2018-04-05 16:55:00
suse
suse
Security update for postgresql, postgresql96, postgresql10, postgresql12 (moderate)
2020-08-17 00:00:00
Security update for postgresql10 (important)
2020-09-01 00:00:00
Security update for postgresql10 (important)
2020-09-03 00:00:00
ibm
ibm
Security Bulletin: Search path vulnerability in PostgreSQL Server bundled in IBM Robotic Process Automation with Automation Anywhere (CVE-2020-14349, CVE-2020-14350)
2021-05-07 20:28:45
redhat
redhat
(RHSA-2020:5110) Moderate: rh-postgresql10-postgresql security update
2020-11-16 08:47:34
(RHSA-2021:0988) Moderate: rhvm-appliance security, bug fix, and enhancement update
2021-03-25 11:24:15
(RHSA-2020:5112) Moderate: rh-postgresql12-postgresql security update
2020-11-16 11:44:42
gentoo
gentoo
PostgreSQL: Multiple vulnerabilities
2020-08-26 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: postgresql-12.6-1.fc33
2021-02-26 01:10:06
rocky
rocky
postgresql:12 security update
2020-12-17 15:30:10
oraclelinux
oraclelinux
postgresql:12 security update
2020-12-23 00:00:00
postgresql:10 security and bug fix update
2020-09-09 00:00:00
rh-postgresql10-postgresql security update
2021-06-11 00:00:00
almalinux
almalinux
Important: postgresql:12 security update
2020-12-17 15:30:10