Lucene search
+L

84 matches found

OSV
OSV
added 2018/08/16 1:9 p.m.3 views

USN-3744-1 postgresql-10, postgresql-9.3, postgresql-9.5 vulnerabilities

Andrew Krasichkov discovered that the PostgreSQL client library incorrectly reset its internal state between connections. A remote attacker could possibly use this issue to bypass certain client-side connection security features. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...

8.5CVSS7.3AI score0.05154EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2017/08/07 4:11 p.m.5 views

postgresql: libpq ignores PGREQUIRESSL environment variable

It was discovered that the PostgreSQL client library libpq did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. An man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a...

5.9CVSS7.4AI score0.02042EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2017/07/05 5:54 a.m.6 views

postgresql: libpq ignores PGREQUIRESSL environment variable

It was discovered that the PostgreSQL client library libpq did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. An man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a...

5.9CVSS7.4AI score0.02042EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2017/07/05 5:44 a.m.6 views

postgresql: libpq ignores PGREQUIRESSL environment variable

It was discovered that the PostgreSQL client library libpq did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. An man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a...

5.9CVSS7.4AI score0.02042EPSS
Exploits0References5
Rows per page
Query Builder