11 matches found
EUVD-2010-1602
Malware in sbrugna...
Rocky Linux 8 : postgresql:10 (RLSA-2022:1830)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1830 advisory. - When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject...
Medium: postgresql
Issue Overview: When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and...
CVE-2021-43767
Odyssey passes to client unencrypted bytes from man-in-the-middle. When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's...
AlmaLinux 8 : postgresql:10 (ALSA-2022:1830)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:1830 advisory. - postgresql: server processes unencrypted bytes from man-in-the-middle (CVE-2021-23214). Tenable has extracted the preceding description block directly from the...
EulerOS 2.0 SP3 : postgresql (EulerOS-SA-2022-1182)
According to the versions of the postgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client...
SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2021:4058-1)
The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4058-1 advisory. - When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a...
Man-in-the-Middle (MitM)
PostgreSQL is vulnerable to man-in-the-middle attacks. When the server is configured to use trust authentication with a 'clientcert' requirement or to utilize 'cert' authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first created...
Ubuntu 18.04 LTS / 20.04 LTS : PostgreSQL vulnerabilities (USN-5145-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5145-1 advisory. Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly u...
UBUNTU-CVE-2021-23214
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption...
Authentication flaw
The Cisco Content Services Switch CSS 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a...