Lucene search

143 matches found

OSV
added 2022/05/10 6:36 a.m. | 23 views

ALSA-2022:1891 Low: libpq security update

The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes: postgresql: libpq processes unencrypted bytes from man-in-the-middle (CVE-2021-23222). For more details about the security issues, including the impact, a CVSS...

5.9 CVSS | 7.2 AI score | 0.01501 EPSS
Exploits 0 | References 2
Rockylinux
added 2022/05/10 6:36 a.m. | 26 views

libpq security update

An update is available for libpq. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libpq package provides the PostgreSQL client library, which allows client...

5.9 CVSS | 6.9 AI score | 0.01501 EPSS
Exploits 0
Snyk
added 2022/02/03 6:1 a.m. | 4 views

Denial of Service (DoS)

Overview: libpq is a node native bindings to the PostgreSQL libpq C client library. Affected versions of this package are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. Note: pg-native ...

7.5 CVSS | 7 AI score | 0.01274 EPSS
Exploits 1 | References 2
OSV
added 2021/06/14 7:0 p.m. | 5 views

ALEA-2021:2421 libpq bug fix and enhancement update

The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. The following packages have been upgraded to a later upstream version: libpq 13.3. BZ1966205...

7.1 AI score
Exploits 0
AlmaLinux
added 2021/06/14 7:0 p.m. | 13 views

libpq bug fix and enhancement update

The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. The following packages have been upgraded to a later upstream version: libpq 13.3. BZ1966205...

3.9 AI score
Exploits 0
RedHat Linux
added 2021/01/18 4:17 p.m. | 86 views

Important: Red Hat Security Advisory: libpq security update

An update for libpq is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

8.1 CVSS | 6.7 AI score | 0.02586 EPSS
Exploits 0 | References 3
AlmaLinux
added 2020/12/14 12:34 p.m. | 41 views

Important: libpq security update

The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. The following packages have been upgraded to a later upstream version: libpq 12.5. BZ1898228, BZ1901558 Security Fixes: postgresql: Reconnection can downgrade connection securi...

7.6 CVSS | 3.6 AI score | 0.02586 EPSS
Exploits 0 | References 2
BDU FSTEC
added 2020/12/01 12:0 a.m. | 4 views

The vulnerability of the client component of the PostgreSQL database management system allows a hacker to execute a type of “man-in-the-middle” attack.

The vulnerability of the client component of the PostgreSQL database management system is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” type attack...

9.8 CVSS | 7.4 AI score | 0.01574 EPSS
Exploits 0 | References 10 | Affected Software 7
Tenable Nessus
added 2019/08/12 12:0 a.m. | 31 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : postgresql Vulnerability (NS-SA-2019-0036)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has postgresql packages installed that are affected by a vulnerability: - A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If...

8.5 CVSS | 7.8 AI score | 0.05154 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2019/01/28 12:0 a.m. | 14 views

Debian DLA-1642-1 : postgresql-9.4 new minor release

The PostgreSQL project has released a new minor release of the 9.4 branch. For Debian 8 'Jessie', this has been uploaded as version 9.4.20-0+deb8u1. We recommend that you upgrade your postgresql-9.4 packages. NOTE: Tenable Network Security has extracted the preceding description block directly fro...

5.3 AI score
Exploits 0 | References 2
RedHat Linux
added 2018/12/13 3:15 p.m. | 4 views

postgresql: Certain host connection parameters defeat client-side security defenses

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side...

8.5 CVSS | 7.3 AI score | 0.05154 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2018/12/07 12:0 a.m. | 58 views

Amazon Linux AMI : postgresql96 (ALAS-2018-1119)

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could bypass client-side...

9.1 CVSS | 6.9 AI score | 0.05154 EPSS
Exploits 0 | References 4
RedHat Linux
added 2018/08/27 8:35 a.m. | 22 views

postgresql: Certain host connection parameters defeat client-side security defenses

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side...

8.5 CVSS | 7.3 AI score | 0.05154 EPSS
Exploits 0 | References 5
OSV
added 2018/08/16 1:9 p.m. | 2 views

USN-3744-1 postgresql-10, postgresql-9.3, postgresql-9.5 vulnerabilities

Andrew Krasichkov discovered that the PostgreSQL client library incorrectly reset its internal state between connections. A remote attacker could possibly use this issue to bypass certain client-side connection security features. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...

8.5 CVSS | 7.3 AI score | 0.05154 EPSS
Exploits 0 | References 3
RedHat Linux
added 2017/08/07 4:11 p.m. | 5 views

postgresql: libpq ignores PGREQUIRESSL environment variable

It was discovered that the PostgreSQL client library libpq did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a...

5.9 CVSS | 7.4 AI score | 0.02042 EPSS
Exploits 0 | References 5
RedHat Linux
added 2017/07/05 5:54 a.m. | 5 views

postgresql: libpq ignores PGREQUIRESSL environment variable

It was discovered that the PostgreSQL client library libpq did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a...

5.9 CVSS | 7.4 AI score | 0.02042 EPSS
Exploits 0 | References 5
RedHat Linux
added 2017/07/05 5:44 a.m. | 6 views

postgresql: libpq ignores PGREQUIRESSL environment variable

It was discovered that the PostgreSQL client library libpq did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a...

5.9 CVSS | 7.4 AI score | 0.02042 EPSS
Exploits 0 | References 5
Japan Vulnerability Notes
added 2014/12/03 6:9 a.m. | 3 views

DBD::PgPP vulnerable to SQL injection

Overview: DBD::PgPP is a pure-Perl client interface for the PostgreSQL database. DBD::PgPP contains a SQL injection vulnerability. Toshiharu Sugiyama reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: If DBD::Pg...

9.8 CVSS | 7.9 AI score | 0.01559 EPSS
Exploits 0 | References 7
OpenVAS
added 2012/03/12 12:0 a.m. | 37 views

FreeBSD Ports: postgresql-client

The remote host is missing an update to the system as announced in the referenced advisory. VID 174b8864-6237-11e1-be18-14dae938ec40 OpenVAS Vulnerability Test $ Description: Auto generated from VID 174b8864-6237-11e1-be18-14dae938ec40 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

6.8 CVSS | 6.8 AI score | 0.03625 EPSS
Exploits 1
OpenVAS
added 2012/03/12 12:0 a.m. | 29 views

FreeBSD Ports: postgresql-client

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

6.8 CVSS | 6.6 AI score | 0.03625 EPSS
Exploits 1 | References 2