CVE-2019-10210
First published: Tue Oct 29 2019(Updated: )
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PostgreSQL PostgreSQL | <9.4.24 | |
| PostgreSQL PostgreSQL | >=9.5.0<9.5.19 | |
| PostgreSQL PostgreSQL | >=9.6.0<9.6.15 | |
| PostgreSQL PostgreSQL | >=10.0<10.10 | |
| PostgreSQL PostgreSQL | >=11.0<11.5 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of the PostgreSQL Windows installer vulnerability?
The vulnerability ID is CVE-2019-10210.
What is the severity level of CVE-2019-10210?
The severity level of CVE-2019-10210 is high, with a severity value of 7.
What is the affected software version range of the PostgreSQL Windows installer vulnerability?
The affected software versions are from 9.4.24 to 11.5, 10.10, 9.6.15, 9.5.19, and 9.4.24.
How does the vulnerability in the PostgreSQL Windows installer work?
The vulnerability allows a superuser to write a password to an unprotected temporary file.
Is Microsoft Windows affected by the PostgreSQL Windows installer vulnerability?
No, Microsoft Windows is not affected by the PostgreSQL Windows installer vulnerability.
- agent/type
- agent/references
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/postgresql
- canonical/postgresql postgresql
- version/postgresql postgresql/9.5.0
- version/postgresql postgresql/9.6.0
- version/postgresql postgresql/10.0
- version/postgresql postgresql/11.0
- vendor/microsoft
- canonical/microsoft windows