Gentoo FoundationMGASA-2021-0523

HistoryNov 25, 2021 - 4:06 p.m.

Vulners
/
Mageia
/
Updated postgresql packages fix security vulnerability

Updated postgresql packages fix security vulnerability

2021-11-2516:06:13

Gentoo Foundation

advisories.mageia.org

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

57.2%

JSON

Server processes unencrypted bytes from man-in-the-middle. (CVE-2021-23214) libpq processes unencrypted bytes from man-in-the-middle. (CVE-2021-23222)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchpostgresql11< 11.14-1postgresql11-11.14-1.mga8
Mageia8noarchpostgresql13< 13.5-1postgresql13-13.5-1.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	postgresql11	< 11.14-1	postgresql11-11.14-1.mga8
Mageia	8	noarch	postgresql13	< 13.5-1	postgresql13-13.5-1.mga8

References

bugs.mageia.org/show_bug.cgi?id=29655

www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/

nessus 58

redos 1

altlinux 13

openvas 31

ubuntu 3

osv 21

suse 5

kaspersky 1

debian 3

freebsd 1

ibm 7

github 1

redhat 6

fedora 1

rocky 4

veracode 2

almalinux 4

cbl_mariner 4

nvd 3

amazon 6

oraclelinux 4

archlinux 2

prion 3

cvelist 3

cve 3

debiancve 2

redhatcve 2

alpinelinux 2

ubuntucve 2

gentoo 1

nessus

Debian DLA-2817-1 : postgresql-9.6 - LTS security update

2021-11-12 00:00:00

openSUSE 15 Security Update : postgresql13 (openSUSE-SU-2021:3762-1)

2021-11-23 00:00:00

SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2021:4058-1)

2021-12-15 00:00:00

redos

ROS-20220125-13

2022-01-25 00:00:00

altlinux

Security fix for the ALT Linux 9 package postgresql12-1C version 12.7-alt0.M90P.3

2021-12-03 00:00:00

Security fix for the ALT Linux 10 package postgresql13 version 13.5-alt1

2021-11-23 00:00:00

Security fix for the ALT Linux 9 package postgresql12 version 12.9-alt0.M90P.1

2021-12-03 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2021:4058-1)

2021-12-15 00:00:00

Ubuntu: Security Advisory (USN-5145-1)

2021-11-12 00:00:00

PostgreSQL < 9.6.24, 10.x < 10.19, 11.x < 11.14, 12.x < 12.9, 13.x < 13.5, 14.x < 14.1 Multiple Vulnerabilities - Windows

2021-11-15 00:00:00

ubuntu

PostgreSQL vulnerabilities

2021-11-11 00:00:00

PostgreSQL vulnerability

2022-12-07 00:00:00

PostgreSQL vulnerabilities

2022-09-28 00:00:00

osv

postgresql-11 - security update

2021-11-11 00:00:00

postgresql-13 - security update

2021-11-11 00:00:00

postgresql-10, postgresql-12, postgresql-13 vulnerabilities

2021-11-11 18:26:10

suse

Security update for postgresql12 (important)

2021-11-22 00:00:00

Security update for postgresql13 (important)

2021-11-22 00:00:00

Security update for postgresql14 (important)

2021-11-22 00:00:00

kaspersky

KLA12378 Multiple vulnerabilities in PostgreSQL

2021-11-11 00:00:00

debian

[SECURITY] [DLA 2817-1] postgresql-9.6 security update

2021-11-12 08:46:22

[SECURITY] [DSA 5006-1] postgresql-11 security update

2021-11-11 21:49:53

[SECURITY] [DSA 5007-1] postgresql-13 security update

2021-11-11 21:52:56

freebsd

PostgreSQL -- Possible man-in-the-middle attacks

2021-11-08 00:00:00

ibm

Security Bulletin: A security vulnerability inPostgreSQL affects IBM Cloud Pak for Multicloud Management Infrastructure Management

2022-10-21 17:09:42

Security Bulletin: EDB Postgres Advanced Server with IBM and IBM Data Management Platform for EDB Postgres (Standard or Enterprise) for IBM Cloud Pak for Data are vulnerable to SQL injection from "man-in-the-middle" attack.

2022-02-10 17:57:59

Security Bulletin: Due to use of PostgreSQL, IBM Robotic Process Automation with Automation Anywhere is vulnerable to SQL injection (CVE-2021-23214)

2022-04-01 15:08:28

github

PostgresNIO processes unencrypted bytes from man-in-the-middle

2023-05-10 19:20:16

redhat

(RHSA-2021:5197) Moderate: rh-postgresql12-postgresql security update

2021-12-16 18:07:11

(RHSA-2021:5179) Moderate: rh-postgresql13-postgresql security update

2021-12-16 11:34:46

(RHSA-2022:1830) Moderate: postgresql:10 security update

2022-05-10 08:03:34

fedora

[SECURITY] Fedora 35 Update: pgbouncer-1.16.1-1.fc35

2021-12-31 01:21:38

rocky

postgresql:10 security update

2022-05-10 08:03:34

libpq security update

2022-05-10 06:36:04

postgresql:12 security update

2021-12-21 09:10:31

veracode

Man-in-the-Middle (MitM)

2021-11-14 07:40:11

Denial Of Service (DoS)

2021-11-14 07:42:43

almalinux

Moderate: postgresql:10 security update

2022-05-10 08:03:34

Low: libpq security update

2022-05-10 06:36:04

Moderate: postgresql:12 security update

2021-12-21 09:10:31

cbl_mariner

CVE-2021-23214 affecting package postgresql for versions less than 14.2-1

2022-04-26 20:17:02

CVE-2021-23214 affecting package postgresql 12.8-1

2022-03-19 16:40:54

CVE-2021-23222 affecting package postgresql 12.8-1

2022-03-19 16:40:54

nvd

CVE-2021-23214

2022-03-04 16:15:08

CVE-2021-23222

2022-03-02 23:15:08

CVE-2021-43766

2022-08-25 18:15:09

amazon

Medium: postgresql93

2023-01-18 20:56:00

Medium: postgresql92

2023-01-18 20:56:00

Medium: postgresql

2023-02-17 00:11:00

oraclelinux

postgresql:10 security update

2022-05-17 00:00:00

libpq security update

2022-05-17 00:00:00

postgresql:12 security update

2021-12-22 00:00:00

archlinux

[ASA-202203-1] postgresql: man-in-the-middle

2022-03-25 00:00:00

[ASA-202204-1] postgresql: man-in-the-middle

2022-04-04 00:00:00

prion

Sql injection

2022-03-04 16:15:00

Design/Logic Flaw

2022-03-02 23:15:00

Sql injection

2022-08-25 18:15:00

cvelist

CVE-2021-23214

2022-03-04 00:00:00

CVE-2021-23222

2022-03-02 00:00:00

CVE-2021-43766

2022-08-25 17:27:31

cve

CVE-2021-23214

2022-03-04 16:15:08

CVE-2021-23222

2022-03-02 23:15:08

CVE-2021-43766

2022-08-25 18:15:09

debiancve

CVE-2021-23214

2022-03-04 16:15:08

CVE-2021-23222

2022-03-02 23:15:08

redhatcve

CVE-2021-23214

2022-04-26 22:23:51

CVE-2021-23222

2021-11-12 12:00:28

alpinelinux

CVE-2021-23214

2022-03-04 16:15:08

CVE-2021-23222

2022-03-02 23:15:08

ubuntucve

CVE-2021-23214

2021-11-11 00:00:00

CVE-2021-23222

2021-11-11 00:00:00

gentoo

PostgreSQL: Multiple Vulnerabilities

2022-11-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

57.2%

JSON

Related for MGASA-2021-0523