Lucene search

18 matches found

SUSE Linux
added 2026/01/28 9:37 a.m., 4 views

Security update for openssl-3

This update for openssl-3 fixes the following issues: CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830). CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level...

CVSS: 9.8, AI score: 6, EPSS: 0.02889
Exploits: 7, References: 32
Tenable Nessus
added 2026/01/20 12:00 a.m., 1 view

MiracleLinux 8 : postgresql:12 (AXSA:2022-2992:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2992:01 advisory. postgresql: memory disclosure in certain queries (CVE-2021-3677); postgresql: server processes unencrypted bytes from man-in-the-middle (CVE-2021-23214)...

CVSS: 8.1, AI score: 5.6, EPSS: 0.00284
Exploits: 0, References: 3
RedhatCVE
added 2025/05/22 6:50 p.m., 3 views

CVE-2021-43766

Odyssey passes to server unencrypted bytes from man-in-the-middle. When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate...

CVSS: 8.1, AI score: 7.5, EPSS: 0.00193
Exploits: 0
GitHub Security Blog
added 2023/05/10 7:20 p.m., 37 views

PostgresNIO processes unencrypted bytes from man-in-the-middle

Impact: Any user of PostgresNIO connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The remaining text in this section is quoted verbatim fr...

CVSS: 8.1, AI score: 6.9, EPSS: 0.00281
Exploits: 0, References: 10, Affected Software: 1
GitLab Advisory Database
added 2023/05/10 12:00 a.m., 24 views

PostgresNIO processes unencrypted bytes from man-in-the-middle

Any user of PostgresNIO connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The remaining text in this section is quoted verbatim from...

CVSS: 8.1, AI score: 7, EPSS: 0.00281
Exploits: 0, References: 11, Affected Software: 1
Microsoft CVE
added 2022/09/01 7:00 a.m., 2 views

Odyssey passes to server unencrypted bytes from man-in-the-middle. When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. This is similar to CVE-2021-23214 for PostgreSQL.

...

CVSS: 8.1, AI score: 7.2, EPSS: 0.00193
Exploits: 0
Prion
added 2022/08/25 6:15 p.m., 26 views

SQL injection

Odyssey passes to server unencrypted bytes from man-in-the-middle. When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate...

CVSS: 5.1, AI score: 6.9, EPSS: 0.00193
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2022/08/25 12:00 a.m., 1 view

Tyler Odyssey trust management issue vulnerability

Tyler Technologies Tyler Odyssey is a court and judicial software system from Tyler Technologies, USA. Tyler Odyssey suffers from a security vulnerability that stems from passing unencrypted bytes from an intermediary to a client. An intermediary attacker can inject an incorrect response to the...

CVSS: 5.9, AI score: 7.7, EPSS: 0.00281
Exploits: 0, References: 4
RedHat Linux
added 2022/05/10 2:13 p.m., 3 views

postgresql: libpq processes unencrypted bytes from man-in-the-middle

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption...

CVSS: 5.9, AI score: 7.3, EPSS: 0.00281
Exploits: 0, References: 4
OSV
added 2021/12/21 9:10 a.m., 30 views

ALSA-2021:5236 Moderate: postgresql:13 security update

PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream version: postgresql (13.5). Security Fixes: postgresql: memory disclosure in certain queries (CVE-2021-3677); postgresql: server processes unencrypted bytes from...

CVSS: 8.1, AI score: 7.8, EPSS: 0.00284
Exploits: 0, References: 3
OSV
added 2021/12/21 9:10 a.m., 25 views

RLSA-2021:5236 Moderate: postgresql:13 security update

PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream version: postgresql (13.5). Security Fixes: postgresql: memory disclosure in certain queries (CVE-2021-3677); postgresql: server processes unencrypted bytes from...

CVSS: 8.1, AI score: 7.8, EPSS: 0.00284
Exploits: 0, References: 3
OSV
added 2021/12/21 9:10 a.m., 28 views

RLSA-2021:5235 Moderate: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream version: postgresql (12.9). Security Fixes: postgresql: memory disclosure in certain queries (CVE-2021-3677); postgresql: server processes unencrypted bytes from...

CVSS: 8.1, AI score: 7.8, EPSS: 0.00284
Exploits: 0, References: 3
AlmaLinux
added 2021/12/21 9:10 a.m., 55 views

Moderate: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream version: postgresql (12.9). Security Fixes: postgresql: memory disclosure in certain queries (CVE-2021-3677); postgresql: server processes unencrypted bytes from...

CVSS: 8.1, AI score: 7.7, EPSS: 0.00284
Exploits: 0, References: 3
RedHat Linux
added 2021/12/16 4:38 p.m., 38 views

Moderate: Red Hat Security Advisory: rh-postgresql13-postgresql security update

An update for rh-postgresql13-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS: 8.1, AI score: 6.8, EPSS: 0.00284
Exploits: 0, References: 4
Tenable Nessus
added 2021/12/16 12:00 a.m., 30 views

RHEL 7 : rh-postgresql12-postgresql (RHSA-2021:5197)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5197 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream...

CVSS: 8.1, AI score: 7.1, EPSS: 0.00284
Exploits: 0, References: 9
OSV
added 2021/11/25 1:06 p.m., 6 views

MGASA-2021-0523 Updated postgresql packages fix security vulnerability

Server processes unencrypted bytes from man-in-the-middle (CVE-2021-23214). libpq processes unencrypted bytes from man-in-the-middle (CVE-2021-23222)...

CVSS: 8.1, AI score: 6.8, EPSS: 0.00281
Exploits: 0, References: 3
PostgreSQL
added 2021/11/11 12:00 a.m., 49 views

Vulnerability in core server (CVE-2021-23214)

Server processes unencrypted bytes from man-in-the-middle. When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of...

CVSS: 8.1, AI score: 8.4, EPSS: 0.00193
Exploits: 0, References: 1, Affected Software: 1
PostgreSQL
added 2021/11/11 12:00 a.m., 67 views

Vulnerability in client (CVE-2021-23222)

libpq processes unencrypted bytes from man-in-the-middle. A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. If more preconditions hold, the attacker can exfiltrate the client's password or othe...

CVSS: 5.9, AI score: 8.2, EPSS: 0.00281
Exploits: 0, References: 1, Affected Software: 1