Jacob Champion discovered that PostgreSQL incorrectly handled SSL
certificate verification and encryption. A remote attacker could possibly
use this issue to inject arbitrary SQL queries when a connection is first
established.

References

ubuntu.com/security/CVE-2021-23214

ubuntu.com/security/CVE-2021-23222

ubuntu.com/security/notices/USN-5145-1

nessus 61

suse 5

openvas 31

mageia 1

altlinux 13

debian 3

osv 22

freebsd 1

redos 1

ubuntu 3

ibm 7

fedora 1

github 1

redhat 6

veracode 2

rocky 4

cbl_mariner 4

amazon 6

almalinux 4

debiancve 2

ubuntucve 2

alpinelinux 2

redhatcve 2

oraclelinux 4

archlinux 2

prion 4

cve 4

gentoo 1

nessus

Ubuntu 18.04 LTS / 20.04 LTS : PostgreSQL vulnerabilities (USN-5145-1)

2021-11-12 00:00:00

SUSE SLED15 / SLES15 Security Update : postgresql12 (SUSE-SU-2021:3758-1)

2021-11-23 00:00:00

SUSE SLES12 Security Update : postgresql96 (SUSE-SU-2021:3757-1)

2021-11-23 00:00:00

suse

Security update for postgresql13 (important)

2021-11-22 00:00:00

Security update for postgresql12 (important)

2021-11-22 00:00:00

Security update for postgresql10 (important)

2021-12-15 00:00:00

openvas

openSUSE: Security Advisory for postgresql14 (openSUSE-SU-2021:3759-1)

2021-11-23 00:00:00

Debian: Security Advisory (DSA-5007-1)

2021-11-14 00:00:00

SUSE: Security Advisory (SUSE-SU-2021:3761-1)

2021-11-23 00:00:00

mageia

Updated postgresql packages fix security vulnerability

2021-11-25 16:06:13

altlinux

Security fix for the ALT Linux 8 package postgresql10 version 10.19-alt0.M80P.1

2021-12-21 00:00:00

Security fix for the ALT Linux 9 package postgresql12 version 12.9-alt0.M90P.1

2021-12-03 00:00:00

Security fix for the ALT Linux 10 package postgresql15 version 14.1-alt1

2021-11-10 00:00:00

debian

[SECURITY] [DLA 2817-1] postgresql-9.6 security update

2021-11-12 08:46:22

[SECURITY] [DSA 5006-1] postgresql-11 security update

2021-11-11 21:49:53

[SECURITY] [DSA 5007-1] postgresql-13 security update

2021-11-11 21:52:56

osv

postgresql-13 - security update

2021-11-11 00:00:00

postgresql-11 - security update

2021-11-11 00:00:00

postgresql-9.6 - security update

2021-11-12 00:00:00

freebsd

PostgreSQL -- Possible man-in-the-middle attacks

2021-11-08 00:00:00

redos

ROS-20220125-13

2022-01-25 00:00:00

ubuntu

PostgreSQL vulnerabilities

2021-11-11 00:00:00

PostgreSQL vulnerability

2022-12-07 00:00:00

PostgreSQL vulnerabilities

2022-09-28 00:00:00

ibm

Security Bulletin: A security vulnerability inPostgreSQL affects IBM Cloud Pak for Multicloud Management Infrastructure Management

2022-10-21 17:09:42

Security Bulletin: EDB Postgres Advanced Server with IBM and IBM Data Management Platform for EDB Postgres (Standard or Enterprise) for IBM Cloud Pak for Data are vulnerable to SQL injection from "man-in-the-middle" attack.

2022-02-10 17:57:59

Security Bulletin: Due to use of PostgreSQL, IBM Robotic Process Automation with Automation Anywhere is vulnerable to SQL injection (CVE-2021-23214)

2022-04-01 15:08:28

fedora

[SECURITY] Fedora 35 Update: pgbouncer-1.16.1-1.fc35

2021-12-31 01:21:38

github

PostgresNIO processes unencrypted bytes from man-in-the-middle

2023-05-10 19:20:16

redhat

(RHSA-2021:5197) Moderate: rh-postgresql12-postgresql security update

2021-12-16 18:07:11

(RHSA-2021:5179) Moderate: rh-postgresql13-postgresql security update

2021-12-16 11:34:46

(RHSA-2022:1830) Moderate: postgresql:10 security update

2022-05-10 08:03:34

veracode

Man-in-the-Middle (MitM)

2021-11-14 07:40:11

Denial Of Service (DoS)

2021-11-14 07:42:43

rocky

postgresql:10 security update

2022-05-10 08:03:34

libpq security update

2022-05-10 06:36:04

postgresql:12 security update

2021-12-21 09:10:31

cbl_mariner

CVE-2021-23214 affecting package postgresql 12.7-2

2022-04-26 20:17:02

CVE-2021-23214 affecting package postgresql 12.8-1

2022-03-19 16:40:54

CVE-2021-23222 affecting package postgresql 12.8-1

2022-03-19 16:40:54

amazon

Medium: postgresql93

2023-01-18 20:56:00

Medium: postgresql94

2023-01-18 20:56:00

Medium: postgresql92

2023-01-18 20:56:00

almalinux

Moderate: postgresql:10 security update

2022-05-10 08:03:34

Low: libpq security update

2022-05-10 06:36:04

Moderate: postgresql:12 security update

2021-12-21 09:10:31

debiancve

CVE-2021-23214

2022-03-04 16:15:00

CVE-2021-23222

2022-03-02 23:15:00

ubuntucve

CVE-2021-23214

2021-11-11 00:00:00

CVE-2021-23222

2021-11-11 00:00:00

alpinelinux

CVE-2021-23214

2022-03-04 16:15:00

CVE-2021-23222

2022-03-02 23:15:00

redhatcve

CVE-2021-23214

2022-04-26 22:23:51

CVE-2021-23222

2021-11-12 12:00:28

oraclelinux

postgresql:10 security update

2022-05-17 00:00:00

libpq security update

2022-05-17 00:00:00

postgresql:12 security update

2021-12-22 00:00:00

archlinux

[ASA-202203-1] postgresql: man-in-the-middle

2022-03-25 00:00:00

[ASA-202204-1] postgresql: man-in-the-middle

2022-04-04 00:00:00

prion

Sql injection

2022-03-04 16:15:00

Design/Logic Flaw

2022-03-02 23:15:00

Sql injection

2022-08-25 18:15:00

cve

CVE-2021-23214

2022-03-04 16:15:00

CVE-2021-23222

2022-03-02 23:15:00

CVE-2021-43766

2022-08-25 18:15:00

gentoo

PostgreSQL: Multiple Vulnerabilities

2022-11-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

56.5%

JSON

Related for OSV:USN-5145-1