47 matches found
Alibaba Cloud Linux 3 : 0136: postgresql:13 (ALINUX3-SA-2022:0136)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0136 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-23214: It was found that a...
K000149918: PostgresQL vulnerability CVE-2021-3677
Security Advisory Description A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server...
Rocky Linux 8 : postgresql:12 (RLSA-2021:5235)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:5235 advisory. - When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker ca...
Puppet Enterprise < 2019.8.8 / 2021.x < 2021.3 PostgreSQL Vulnerability
For more information about this vulnerability, refer to the security announcements for CVE-2021-3677 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text in this plugi...
GLSA-202211-04 : PostgreSQL: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202211-04 PostgreSQL: Multiple Vulnerabilities - When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-38153 DESCRIPTION: Apache Kafka could allow a remote attacker to obtain sensitive information, caused by a timing attack flaw due to the use of "Arrays.equals" to validate a password or key. By...
SUSE SLES15: libecpg6 / libpq5 / libpq5-32bit / postgresql12 / etc (SUSE-SU-2022:2958-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2958-1 advisory. - Upgrade to 12.12: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension...
SUSE: Security Advisory (SUSE-SU-2022:2958-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-3677 affecting package postgresql 12.7-2
CVE-2021-3677 affecting package postgresql 12.7-2. An upgraded version of the package is available that resolves this issue...
CVE-2021-3677 affecting package postgresql for versions less than 14.2-1
CVE-2021-3677 affecting package postgresql for versions less than 14.2-1. An upgraded version of the package is available that resolves this issue...
CVE-2021-3677
CVE-2021-3677 is a memory disclosure flaw in PostgreSQL. A purpose-crafted query can read arbitrary server-memory bytes. In default configurations, any authenticated database user can trigger the attack without creating objects; if max_worker_processes=0, known variants are infeasible, though und...
Oracle Linux 8 : postgresql:13 (ELSA-2021-5236)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-5236 advisory. postgresql 13.5-1 - Update to 13.5 - Resolves: 2024608 Tenable has extracted the preceding description block directly from the Oracle Linux security...
Moderate: Red Hat Security Advisory: postgresql:13 security update
An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: postgresql:12 security update
An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
ALSA-2021:5236 Moderate: postgresql:13 security update
PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstream version: postgresql 13.5. Security Fixes: postgresql: memory disclosure in certain queries CVE-2021-3677 postgresql: server processes unencrypted bytes from...
RLSA-2021:5236 Moderate: postgresql:13 security update
PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstream version: postgresql 13.5. Security Fixes: postgresql: memory disclosure in certain queries CVE-2021-3677 postgresql: server processes unencrypted bytes from...
Moderate: postgresql:13 security update
PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstream version: postgresql 13.5. Security Fixes: postgresql: memory disclosure in certain queries CVE-2021-3677 postgresql: server processes unencrypted bytes from...
ALSA-2021:5235 Moderate: postgresql:12 security update
PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstream version: postgresql 12.9. Security Fixes: postgresql: memory disclosure in certain queries CVE-2021-3677 postgresql: server processes unencrypted bytes from...
RLSA-2021:5235 Moderate: postgresql:12 security update
PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstream version: postgresql 12.9. Security Fixes: postgresql: memory disclosure in certain queries CVE-2021-3677 postgresql: server processes unencrypted bytes from...
Moderate: postgresql:12 security update
PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstream version: postgresql 12.9. Security Fixes: postgresql: memory disclosure in certain queries CVE-2021-3677 postgresql: server processes unencrypted bytes from...