A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database.

Mitigation

Upstream suggests the following mitigation can be used to protect against this security flaw:
<https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path>

References

bugzilla.redhat.com/show_bug.cgi?id=1547044

www.postgresql.org/about/news/1834/

nessus 28

archlinux 1

altlinux 13

veracode 1

cvelist 2

nvd 2

cve 2

openvas 11

freebsd 1

amazon 1

ubuntucve 2

debiancve 2

f5 1

postgresql 1

kaspersky 1

osv 3

prion 2

ubuntu 1

photon 4

alpinelinux 2

redhatcve 1

ibm 3

mageia 2

redhat 3

nessus

Amazon Linux AMI : postgresql93 / postgresql94,postgresql95,postgresql96 (ALAS-2018-990)

2018-04-06 00:00:00

FreeBSD : PostgreSQL vulnerabilities (e3eeda2e-1d67-11e8-a2ec-6cc21735f730)

2018-03-02 00:00:00

SUSE SLES11 Security Update : postgresql94 (SUSE-SU-2018:0755-1)

2018-03-22 00:00:00

archlinux

[ASA-201803-9] postgresql: privilege escalation

2018-03-11 00:00:00

altlinux

Security fix for the ALT Linux 7 package postgresql9.4 version 9.4.17-alt0.M70P.1

2018-03-04 00:00:00

Security fix for the ALT Linux 8 package postgresql9.6 version 9.6.8-alt0.M80P.1

2018-03-02 00:00:00

Security fix for the ALT Linux 8 package postgresql12 version 10.3-alt1

2018-03-02 00:00:00

veracode

Arbitrary Code Execution

2019-05-16 03:23:17

cvelist

CVE-2018-1058

2018-03-01 00:00:00

CVE-2020-14349

2020-08-24 12:32:13

nvd

CVE-2018-1058

2018-03-02 15:29:00

CVE-2020-14349

2020-08-24 13:15:10

cve

CVE-2018-1058

2018-03-02 15:29:00

CVE-2020-14349

2020-08-24 13:15:10

openvas

SUSE: Security Advisory (SUSE-SU-2018:0755-1)

2021-06-09 00:00:00

Ubuntu: Security Advisory (USN-3589-1)

2018-10-26 00:00:00

SUSE: Security Advisory (SUSE-SU-2018:0876-1)

2021-04-19 00:00:00

freebsd

PostgreSQL vulnerabilities

2018-03-01 00:00:00

amazon

Medium: postgresql93, postgresql94, postgresql95, postgresql96

2018-04-05 16:55:00

ubuntucve

CVE-2018-1058

2018-02-28 00:00:00

CVE-2020-14349

2020-08-17 00:00:00

debiancve

CVE-2018-1058

2018-03-02 15:29:00

CVE-2020-14349

2020-08-24 13:15:10

K000137875 : PostGreSQL vulnerability CVE-2018-1058

2023-12-12 00:00:00

postgresql

Vulnerability in client (CVE-2018-1058)

2018-03-02 15:29:00

kaspersky

KLA11202 PE vulnerabilities in PostgreSQL

2018-01-03 00:00:00

osv

CVE-2018-1058

2018-03-02 15:29:00

CVE-2020-14349

2020-08-24 13:15:10

BIT-postgresql-2020-14349

2024-03-06 11:06:51

prion

Design/Logic Flaw

2018-03-02 15:29:00

Sql injection

2020-08-24 13:15:00

ubuntu

PostgreSQL vulnerability

2018-03-06 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0031

2018-03-29 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0122

2018-04-05 00:00:00

Important Photon OS Security Update - PHSA-2018-0122

2018-04-05 00:00:00

alpinelinux

CVE-2018-1058

2018-03-02 15:29:00

CVE-2020-14349

2020-08-24 13:15:10

redhatcve

CVE-2020-14349

2020-08-13 12:43:35

ibm

Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities (CVE-2018-1058, CVE-2018-10936, CVE-2019-9193)

2020-05-27 08:42:25

Security Bulletin: IBM Security Information Queue uses database components with known vulnerabilities (CVE-2016-3506, CVE-2018-1058, CVE-2018-10936, CVE-2019-9193)

2020-01-22 22:30:41

Security Bulletin: IBM Security Verify Governance is affected by multiple vulnerabilities

2023-10-22 16:21:20

mageia

Updated postgresql packages fix security vulnerabilities

2020-09-06 23:33:09

Updated postgresql9.4|6 packages fix security vulnerabilities

2018-11-16 01:04:32

redhat

(RHSA-2018:3816) Important: CloudForms 4.6.6 security, bug fix and enhancement update

2018-12-13 15:02:54

(RHSA-2018:2511) Important: rh-postgresql95-postgresql security update

2018-08-20 10:27:16

(RHSA-2018:2566) Important: rh-postgresql96-postgresql security update

2018-08-27 07:54:53

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.005 Low

EPSS

Percentile

75.9%

JSON

Related for RH:CVE-2018-1058