PostgreSQL JDBC Man-in-the-Middle Security Bypass Vulnerability
PostgreSQL JDBC is a database driver. A security vulnerability exists in PostgreSQL JDBC versions prior to 42.2.5 that stems from the Postgres JDBC driver not verifying host names by default. An attacker could exploit this vulnerability by presenting credentials to the wrong host to spoof a trust...
DEBIAN-CVE-2018-10936
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by...
MGASA-2015-0175 Updated quassel packages fix CVE-2015-3427
Updated quassel packages fix security vulnerability: Quassel is vulnerable to SQL injection through its use of Qt's postgres driver. If the PostgreSQL server is restarted or the connection is lost at any point, other IRC users may be able to trick the Quassel core into executing SQL queries upon...
perl-DBD-Pg: dequote_bytea memory leak
Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns...