Server processes unencrypted bytes from man-in-the-middle. (CVE-2021-23214) libpq processes unencrypted bytes from man-in-the-middle. (CVE-2021-23222)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchpostgresql11< 11.14-1postgresql11-11.14-1.mga8
Mageia8noarchpostgresql13< 13.5-1postgresql13-13.5-1.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	postgresql11	< 11.14-1	postgresql11-11.14-1.mga8
Mageia	8	noarch	postgresql13	< 13.5-1	postgresql13-13.5-1.mga8

References

bugs.mageia.org/show_bug.cgi?id=29655

www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/

altlinux 13

nessus 62

debian 3

freebsd 1

suse 5

osv 23

ibm 13

redos 1

ubuntu 3

redhat 9

github 1

fedora 1

rocky 4

veracode 2

cbl_mariner 4

amazon 6

almalinux 4

debiancve 2

redhatcve 2

ubuntucve 2

alpinelinux 2

oraclelinux 4

archlinux 2

prion 4

cve 4

gentoo 1

altlinux

Security fix for the ALT Linux 10 package postgresql15 version 14.1-alt1

2021-11-10 00:00:00

Security fix for the ALT Linux 10 package postgresql12 version 12.9-alt1

2021-11-23 00:00:00

Security fix for the ALT Linux 8 package postgresql9.6 version 9.6.24-alt0.M80P.1

2021-12-21 00:00:00

nessus

SUSE SLED15 / SLES15 Security Update : postgresql13 (SUSE-SU-2021:3762-1)

2021-11-23 00:00:00

SUSE SLED12 / SLES12 Security Update : postgresql, postgresql13, postgresql14 (SUSE-SU-2021:3755-1)

2021-11-21 00:00:00

Ubuntu 18.04 LTS / 20.04 LTS : PostgreSQL vulnerabilities (USN-5145-1)

2021-11-12 00:00:00

debian

[SECURITY] [DSA 5006-1] postgresql-11 security update

2021-11-11 21:49:53

[SECURITY] [DSA 5007-1] postgresql-13 security update

2021-11-11 21:52:56

[SECURITY] [DLA 2817-1] postgresql-9.6 security update

2021-11-12 08:46:22

freebsd

PostgreSQL -- Possible man-in-the-middle attacks

2021-11-08 00:00:00

suse

Security update for postgresql12 (important)

2021-11-22 00:00:00

Security update for postgresql13 (important)

2021-11-22 00:00:00

Security update for postgresql10 (important)

2021-12-14 00:00:00

osv

postgresql-9.6 - security update

2021-11-12 00:00:00

postgresql-10, postgresql-12, postgresql-13 vulnerabilities

2021-11-11 18:26:10

postgresql-11 - security update

2021-11-11 00:00:00

ibm

Security Bulletin: A security vulnerability inPostgreSQL affects IBM Cloud Pak for Multicloud Management Infrastructure Management

2022-10-21 17:09:42

Security Bulletin: EDB Postgres Advanced Server with IBM and IBM Data Management Platform for EDB Postgres (Standard or Enterprise) for IBM Cloud Pak for Data are vulnerable to SQL injection from "man-in-the-middle" attack.

2022-02-10 17:57:59

Security Bulletin: Due to use of PostgreSQL, IBM Robotic Process Automation with Automation Anywhere is vulnerable to SQL injection (CVE-2021-23214)

2022-04-01 15:08:28

redos

ROS-20220125-13

2022-01-25 00:00:00

ubuntu

PostgreSQL vulnerabilities

2021-11-11 00:00:00

PostgreSQL vulnerability

2022-12-07 00:00:00

PostgreSQL vulnerabilities

2022-09-28 00:00:00

redhat

(RHSA-2021:5179) Moderate: rh-postgresql13-postgresql security update

2021-12-16 11:34:46

(RHSA-2021:5197) Moderate: rh-postgresql12-postgresql security update

2021-12-16 18:07:11

(RHSA-2022:1830) Moderate: postgresql:10 security update

2022-05-10 08:03:34

github

PostgresNIO processes unencrypted bytes from man-in-the-middle

2023-05-10 19:20:16

fedora

[SECURITY] Fedora 35 Update: pgbouncer-1.16.1-1.fc35

2021-12-31 01:21:38

rocky

postgresql:10 security update

2022-05-10 08:03:34

libpq security update

2022-05-10 06:36:04

postgresql:12 security update

2021-12-21 09:10:31

veracode

Man-in-the-Middle (MitM)

2021-11-14 07:40:11

Denial Of Service (DoS)

2021-11-14 07:42:43

cbl_mariner

CVE-2021-23214 affecting package postgresql 12.7-2

2022-04-26 20:17:02

CVE-2021-23214 affecting package postgresql 12.8-1

2022-03-19 16:40:54

CVE-2021-23222 affecting package postgresql 12.8-1

2022-03-19 16:40:54

amazon

Medium: postgresql93

2023-01-18 20:56:00

Medium: postgresql94

2023-01-18 20:56:00

Medium: postgresql92

2023-01-18 20:56:00

almalinux

Moderate: postgresql:10 security update

2022-05-10 08:03:34

Low: libpq security update

2022-05-10 06:36:04

Moderate: postgresql:12 security update

2021-12-21 09:10:31

debiancve

CVE-2021-23214

2022-03-04 16:15:00

CVE-2021-23222

2022-03-02 23:15:00

redhatcve

CVE-2021-23214

2022-04-26 22:23:51

CVE-2021-23222

2021-11-12 12:00:28

ubuntucve

CVE-2021-23214

2021-11-11 00:00:00

CVE-2021-23222

2021-11-11 00:00:00

alpinelinux

CVE-2021-23214

2022-03-04 16:15:00

CVE-2021-23222

2022-03-02 23:15:00

oraclelinux

postgresql:10 security update

2022-05-17 00:00:00

libpq security update

2022-05-17 00:00:00

postgresql:12 security update

2021-12-22 00:00:00

archlinux

[ASA-202203-1] postgresql: man-in-the-middle

2022-03-25 00:00:00

[ASA-202204-1] postgresql: man-in-the-middle

2022-04-04 00:00:00

prion

Sql injection

2022-03-04 16:15:00

Design/Logic Flaw

2022-03-02 23:15:00

Sql injection

2022-08-25 18:15:00

cve

CVE-2021-23214

2022-03-04 16:15:00

CVE-2021-23222

2022-03-02 23:15:00

CVE-2021-43766

2022-08-25 18:15:00

gentoo

PostgreSQL: Multiple Vulnerabilities

2022-11-19 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

56.9%

JSON

Related for MGASA-2021-0523