92 matches found
BIT-POSTGRESQL-2021-43767
Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's...
Medium: libpq
Issue Overview: A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. CVE-2021-23222 Affected Packages: libpq Note: This advisory is applicable to Amazon Linux 2 - Postgresql14 Extra. Visit this...
Medium: postgresql
Issue Overview: A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. CVE-2021-23222 Affected Packages: postgresql Note: This advisory is applicable to Amazon Linux 2 - Postgresql14 Extra. Visit...
Amazon Linux 2 : libpq (ALASPOSTGRESQL14-2024-009)
The version of libpq installed on the remote host is prior to 14.1-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2024-009 advisory. A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certifica...
Amazon Linux 2 : postgresql (ALASPOSTGRESQL13-2023-002)
The version of postgresql installed on the remote host is prior to 13.7-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL13-2023-002 advisory. 2024-08-28: CVE-2021-3677 was added to this advisory. 2024-02-29: CVE-2021-23222 was added to this advisory. ...
Amazon Linux 2 : libpq (ALASPOSTGRESQL12-2023-003)
The version of libpq installed on the remote host is prior to 12.11-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL12-2023-003 advisory. 2024-02-29: CVE-2021-23222 was added to this advisory. A man-in-the-middle attacker can inject false responses to...
Important: libpq
Issue Overview: A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. CVE-2021-23222 A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged...
Debian DSA-5007-1 : postgresql-13 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5007 advisory. Jacob Champion discovered two vulnerabilities in the PostgreSQL database system, which could result in man-in-the-middle attacks. For the stable distribution...
PostgresNIO processes unencrypted bytes from man-in-the-middle
Impact Any user of PostgresNIO connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The remaining text in this section is quoted verbatim fr...
GHSA-9CFH-VX93-84VV PostgresNIO processes unencrypted bytes from man-in-the-middle
Impact Any user of PostgresNIO connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The remaining text in this section is quoted verbatim fr...
PostgresNIO processes unencrypted bytes from man-in-the-middle
Any user of PostgresNIO connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The remaining text in this section is quoted verbatim from...
EulerOS Virtualization 3.0.2.6 : postgresql (EulerOS-SA-2023-1081)
According to the versions of the postgresql package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24...
CLSA-2022-1671124508 Fix CVE(s): CVE-2021-23222
SECURITY UPDATE: A man-in-the-middle attacker can inject false responses - debian/patches/CVE-2021-23222.patch: libpq: reject extraneous data after SSL or GSS encryption handshake - CVE-2021-23222...
GLSA-202211-04 : PostgreSQL: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202211-04 PostgreSQL: Multiple Vulnerabilities - When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-38153 DESCRIPTION: Apache Kafka could allow a remote attacker to obtain sensitive information, caused by a timing attack flaw due to the use of "Arrays.equals" to validate a password or key. By...
Huawei EulerOS: Security Advisory for postgresql (EulerOS-SA-2022-2528)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.6.6 : postgresql (EulerOS-SA-2022-2528)
According to the versions of the postgresql packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24...
SUSE: Security Advisory (SUSE-SU-2022:2958-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15: libecpg6 / libpq5 / libpq5-32bit / postgresql12 / etc (SUSE-SU-2022:2958-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2958-1 advisory. - Upgrade to 12.12: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension...
SUSE: Security Advisory (SUSE-SU-2022:2893-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...