107 matches found
MiracleLinux 8 : postgresql:10 (AXSA:2022-3559:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3559:01 advisory. postgresql: server processes unencrypted bytes from man-in-the-middle CVE-2021-23214 Tenable has extracted the preceding description block directly from the...
EUVD-2021-30673
Malicious code in bioql PyPI...
TencentOS Server 3: postgresql (TSSA-2023:0005)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0005 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Alibaba Cloud Linux 3 : 0136: postgresql:13 (ALINUX3-SA-2022:0136)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0136 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-23214: It was found that a...
Linux Distros Unpatched Vulnerability : CVE-2021-23214
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject...
RHEL 8 : postgresql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - postgresql: server processes unencrypted bytes from man-in-the-middle CVE-2021-23214 - An issue was...
Rocky Linux 8 : postgresql:10 (RLSA-2022:1830)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1830 advisory. - When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject...
Rocky Linux 8 : postgresql:12 (RLSA-2021:5235)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:5235 advisory. - When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker ca...
Debian DSA-5007-1 : postgresql-13 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5007 advisory. Jacob Champion discovered two vulnerabilities in the PostgreSQL database system, which could result in man-in-the-middle attacks. For the stable distribution...
PostgresNIO processes unencrypted bytes from man-in-the-middle
Impact Any user of PostgresNIO connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The remaining text in this section is quoted verbatim fr...
Medium: postgresql95
Issue Overview: When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and...
Medium: postgresql92
Issue Overview: When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and...
Medium: postgresql93
Issue Overview: When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and...
Amazon Linux AMI : postgresql94 (ALAS-2023-1659)
The version of postgresql94 installed on the remote host is prior to 9.4.26-1.78. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1659 advisory. When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a...
EulerOS Virtualization 3.0.2.6 : postgresql (EulerOS-SA-2023-1081)
According to the versions of the postgresql package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24...
GLSA-202211-04 : PostgreSQL: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202211-04 PostgreSQL: Multiple Vulnerabilities - When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries...
Huawei EulerOS: Security Advisory for postgresql (EulerOS-SA-2022-2528)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.6.6 : postgresql (EulerOS-SA-2022-2528)
According to the versions of the postgresql packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24...
Ubuntu: Security Advisory (USN-5645-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 ESM : PostgreSQL vulnerabilities (USN-5645-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5645-1 advisory. Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issu...