Lucene search
K

92 matches found

OSV
OSV
added 2024/03/06 11:4 a.m.40 views

BIT-POSTGRESQL-2021-43767

Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's...

5.9CVSS7.1AI score0.01501EPSS
Exploits0References3
Amazon
Amazon
added 2024/03/06 12:0 a.m.4 views

Medium: libpq

Issue Overview: A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. CVE-2021-23222 Affected Packages: libpq Note: This advisory is applicable to Amazon Linux 2 - Postgresql14 Extra. Visit this...

5.9CVSS7AI score0.01501EPSS
Exploits0
Amazon
Amazon
added 2024/03/06 12:0 a.m.4 views

Medium: postgresql

Issue Overview: A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. CVE-2021-23222 Affected Packages: postgresql Note: This advisory is applicable to Amazon Linux 2 - Postgresql14 Extra. Visit...

5.9CVSS7AI score0.01501EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/03/06 12:0 a.m.21 views

Amazon Linux 2 : libpq (ALASPOSTGRESQL14-2024-009)

The version of libpq installed on the remote host is prior to 14.1-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2024-009 advisory. A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certifica...

5.9CVSS7AI score0.01501EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.28 views

Amazon Linux 2 : postgresql (ALASPOSTGRESQL13-2023-002)

The version of postgresql installed on the remote host is prior to 13.7-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL13-2023-002 advisory. 2024-08-28: CVE-2021-3677 was added to this advisory. 2024-02-29: CVE-2021-23222 was added to this advisory. ...

8.8CVSS7.5AI score0.12403EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.21 views

Amazon Linux 2 : libpq (ALASPOSTGRESQL12-2023-003)

The version of libpq installed on the remote host is prior to 12.11-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL12-2023-003 advisory. 2024-02-29: CVE-2021-23222 was added to this advisory. A man-in-the-middle attacker can inject false responses to...

8.8CVSS7.6AI score0.12403EPSS
Exploits0References6
Amazon
Amazon
added 2023/09/25 12:0 a.m.4 views

Important: libpq

Issue Overview: A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. CVE-2021-23222 A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged...

8.8CVSS7.9AI score0.12403EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/05/25 12:0 a.m.31 views

Debian DSA-5007-1 : postgresql-13 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5007 advisory. Jacob Champion discovered two vulnerabilities in the PostgreSQL database system, which could result in man-in-the-middle attacks. For the stable distribution...

8.1CVSS7AI score0.01901EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2023/05/10 7:20 p.m.45 views

PostgresNIO processes unencrypted bytes from man-in-the-middle

Impact Any user of PostgresNIO connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The remaining text in this section is quoted verbatim fr...

8.1CVSS6.9AI score0.01901EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2023/05/10 7:20 p.m.30 views

GHSA-9CFH-VX93-84VV PostgresNIO processes unencrypted bytes from man-in-the-middle

Impact Any user of PostgresNIO connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The remaining text in this section is quoted verbatim fr...

3.7CVSS6.6AI score0.01901EPSS
Exploits0References10
GitLab Advisory Database
GitLab Advisory Database
added 2023/05/10 12:0 a.m.26 views

PostgresNIO processes unencrypted bytes from man-in-the-middle

Any user of PostgresNIO connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The remaining text in this section is quoted verbatim from...

8.1CVSS7AI score0.01901EPSS
Exploits0References11Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/01/06 12:0 a.m.28 views

EulerOS Virtualization 3.0.2.6 : postgresql (EulerOS-SA-2023-1081)

According to the versions of the postgresql package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24...

8.1CVSS6.8AI score0.01901EPSS
Exploits0References4
OSV
OSV
added 2022/12/15 5:15 p.m.5 views

CLSA-2022-1671124508 Fix CVE(s): CVE-2021-23222

SECURITY UPDATE: A man-in-the-middle attacker can inject false responses - debian/patches/CVE-2021-23222.patch: libpq: reject extraneous data after SSL or GSS encryption handshake - CVE-2021-23222...

5.9CVSS6.9AI score0.01501EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/11/22 12:0 a.m.31 views

GLSA-202211-04 : PostgreSQL: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202211-04 PostgreSQL: Multiple Vulnerabilities - When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries...

8.8CVSS7.7AI score0.12403EPSS
Exploits0References12
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/08 4:36 p.m.80 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-38153 DESCRIPTION: Apache Kafka could allow a remote attacker to obtain sensitive information, caused by a timing attack flaw due to the use of "Arrays.equals" to validate a password or key. By...

7.4CVSS7.5AI score0.50445EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2022/10/10 12:0 a.m.28 views

Huawei EulerOS: Security Advisory for postgresql (EulerOS-SA-2022-2528)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.9AI score0.12403EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/10/09 12:0 a.m.43 views

EulerOS Virtualization 3.0.6.6 : postgresql (EulerOS-SA-2022-2528)

According to the versions of the postgresql packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24...

8.8CVSS7AI score0.12403EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2022/09/01 12:0 a.m.23 views

SUSE: Security Advisory (SUSE-SU-2022:2958-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.7AI score0.12403EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2022/09/01 12:0 a.m.40 views

SUSE SLES15: libecpg6 / libpq5 / libpq5-32bit / postgresql12 / etc (SUSE-SU-2022:2958-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2958-1 advisory. - Upgrade to 12.12: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension...

8.8CVSS6.8AI score0.12403EPSS
Exploits0References31
OpenVAS
OpenVAS
added 2022/08/26 12:0 a.m.22 views

SUSE: Security Advisory (SUSE-SU-2022:2893-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.7AI score0.12403EPSS
Exploits0References13
Rows per page
Query Builder