6 matches found
Rocky Linux 8 : postgresql:10 (RLSA-2022:1830)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1830 advisory. - When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject...
CVE-2021-43767
Odyssey passes to client unencrypted bytes from man-in-the-middle. When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's...
SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2021:4058-1)
The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4058-1 advisory. - When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a...
CVE-2021-3935
CVE-2021-3935 affects PgBouncer when configured to use certificate authentication. A man-in-the-middle can inject arbitrary SQL queries at the first connection, even with TLS verification, in versions prior to 1.16.1. The root cause is not detailed in the initial document, but multiple connected ...
Man-in-the-Middle (MitM)
PostgreSQL is vulnerable to man-in-the-middle attacks. A man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first created when the server is configured to use trust authentication with a 'clientcert' requirement or to utilize 'cert' authentication...
Ubuntu 18.04 LTS / 20.04 LTS : PostgreSQL vulnerabilities (USN-5145-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5145-1 advisory. Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly u...