Lucene search
Redhat.comRH:CVE-2019-10128HistoryMay 13, 2019 - 7:21 a.m.
CVE-2019-10128
2019-05-1307:21:04
redhat.com
access.redhat.com
10
0.0004 Low
EPSS
Percentile
5.1%
The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a local attacker to read arbitrary data directory files, essentially bypassing database-imposed read access limitations. In plausible non-default configurations, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code.
Related
postgresql
postgresql
Vulnerability in packaging (CVE-2019-10128)
2021-03-19 20:15:00
cvelist
cvelist
CVE-2019-10128
2021-03-19 19:15:11
debiancve
debiancve
CVE-2019-10128
2021-03-19 20:15:12
prion
prion
Default configuration
2021-03-19 20:15:00
nvd
nvd
CVE-2019-10128
2021-03-19 20:15:12
cve
cve
CVE-2019-10128
2021-03-19 20:15:12
ubuntucve
ubuntucve
CVE-2019-10128
2021-03-19 00:00:00
openvas
openvas
ibm
ibm
kaspersky
kaspersky
KLA11572 Multiple vulnerabilities in PostgreSQL
2019-05-09 00:00:00
nessus
nessus