{"vulnerability": "CVE-2018-1058", "sightings": [{"uuid": "d3ace73a-fd44-4214-b190-45f501d451a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10583", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:43.000000Z"}, {"uuid": "743407cf-c89d-43c4-a458-ccfe0f9ce6c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1058", "type": "published-proof-of-concept", "source": "https://t.me/itsecalert/100", "content": "\u26a0\ufe0f PostgreSQL - escalation of privileges\neffected Versions: PostgreSQL < 9.3.22, PostgreSQL < 9.4.17, PostgreSQL < 9.5.12, PostgreSQL < 9.6.8, PostgreSQL < 10.3\n\nThe problem described in CVE-2018-1058 centers around the default \"public\" schema and how PostgreSQL uses the search_path setting. The attacker could insert a trojan-horse function that, when executed by a superuser, grants escalated privileges.\n\nBased on your setup, your installation is probably affected, but it may not be in imminent danger.\n\nThere are patches for several Distributions available. Today openSuse got an update. \n\nFurther information, samples and more: https://yt.gl/gqh7l\n(severity: \ud83d\udd39medium) \n\n#alert #vulnerability #severityhigh #PostgreSQL #CVE-2018-1058\nFeel free to discuss this in @itsectalk and let your local PostgreSQL admin know! \u2709\ufe0f\ud83d\udce2", "creation_timestamp": "2018-03-22T23:36:09.000000Z"}, {"uuid": "0eb17223-1976-4d93-8941-8b5a82d44773", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10583", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:02.000000Z"}, {"uuid": "82a5619e-c80c-49aa-81b1-0e4d682034bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10583", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/fileformat/odt_badodt.rb", "content": "", "creation_timestamp": "2018-06-06T16:36:03.000000Z"}, {"uuid": "7e9f1d41-2c99-4ce1-ae0b-f69292de3826", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10585", "type": "seen", "source": "https://t.me/cibsecurity/14888", "content": "ATENTION\u203c New - CVE-2018-10585\n\nPexip Infinity before 18 allows remote Denial of Service (XML parsing).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-09-25T07:55:25.000000Z"}]}