Lucene search

GoogleOSV:USN-5145-1

HistoryNov 11, 2021 - 6:26 p.m.

postgresql-10, postgresql-12, postgresql-13 vulnerabilities

2021-11-1118:26:10

Google

osv.dev

8.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.2%

JSON

Jacob Champion discovered that PostgreSQL incorrectly handled SSL
certificate verification and encryption. A remote attacker could possibly
use this issue to inject arbitrary SQL queries when a connection is first
established.

References

ubuntu.com/security/CVE-2021-23214

ubuntu.com/security/CVE-2021-23222

ubuntu.com/security/notices/USN-5145-1

nessus

Ubuntu 18.04 LTS / 20.04 LTS : PostgreSQL vulnerabilities (USN-5145-1)

2021-11-12 00:00:00

SUSE SLES12 Security Update : postgresql96 (SUSE-SU-2021:3757-1)

2021-11-23 00:00:00

SUSE SLED15 / SLES15 Security Update : postgresql12 (SUSE-SU-2021:3758-1)

2021-11-23 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2021:3761-1)

2021-11-23 00:00:00

Debian: Security Advisory (DSA-5007-1)

2021-11-14 00:00:00

openSUSE: Security Advisory for postgresql14 (openSUSE-SU-2021:3759-1)

2021-11-23 00:00:00

mageia

Updated postgresql packages fix security vulnerability

2021-11-25 16:06:13

suse

Security update for postgresql12 (important)

2021-11-22 00:00:00

Security update for postgresql13 (important)

2021-11-22 00:00:00

Security update for postgresql10 (important)

2021-12-14 00:00:00

redos

ROS-20220125-13

2022-01-25 00:00:00

altlinux

Security fix for the ALT Linux 9 package postgresql12-1C version 12.7-alt0.M90P.3

2021-12-03 00:00:00

Security fix for the ALT Linux 10 package postgresql13 version 13.5-alt1

2021-11-23 00:00:00

Security fix for the ALT Linux 10 package postgresql15-1C version 13.3-alt5

2021-11-10 00:00:00

osv

postgresql-11 - security update

2021-11-11 00:00:00

postgresql-9.6 - security update

2021-11-12 00:00:00

postgresql-13 - security update

2021-11-11 00:00:00

ubuntu

PostgreSQL vulnerabilities

2021-11-11 00:00:00

PostgreSQL vulnerability

2022-12-07 00:00:00

PostgreSQL vulnerabilities

2022-09-28 00:00:00

debian

[SECURITY] [DSA 5006-1] postgresql-11 security update

2021-11-11 21:49:53

[SECURITY] [DSA 5007-1] postgresql-13 security update

2021-11-11 21:52:56

[SECURITY] [DLA 2817-1] postgresql-9.6 security update

2021-11-12 08:46:22

freebsd

PostgreSQL -- Possible man-in-the-middle attacks

2021-11-08 00:00:00

ibm

Security Bulletin: A security vulnerability inPostgreSQL affects IBM Cloud Pak for Multicloud Management Infrastructure Management

2022-10-21 17:09:42

Security Bulletin: EDB Postgres Advanced Server with IBM and IBM Data Management Platform for EDB Postgres (Standard or Enterprise) for IBM Cloud Pak for Data are vulnerable to SQL injection from "man-in-the-middle" attack.

2022-02-10 17:57:59

Security Bulletin: Due to use of PostgreSQL, IBM Robotic Process Automation with Automation Anywhere is vulnerable to SQL injection (CVE-2021-23214)

2022-04-01 15:08:28

kaspersky

KLA12378 Multiple vulnerabilities in PostgreSQL

2021-11-11 00:00:00

redhat

(RHSA-2021:5179) Moderate: rh-postgresql13-postgresql security update

2021-12-16 11:34:46

(RHSA-2021:5197) Moderate: rh-postgresql12-postgresql security update

2021-12-16 18:07:11

(RHSA-2022:1830) Moderate: postgresql:10 security update

2022-05-10 08:03:34

github

PostgresNIO processes unencrypted bytes from man-in-the-middle

2023-05-10 19:20:16

fedora

[SECURITY] Fedora 35 Update: pgbouncer-1.16.1-1.fc35

2021-12-31 01:21:38

rocky

postgresql:10 security update

2022-05-10 08:03:34

libpq security update

2022-05-10 06:36:04

postgresql:12 security update

2021-12-21 09:10:31

veracode

Man-in-the-Middle (MitM)

2021-11-14 07:40:11

Denial Of Service (DoS)

2021-11-14 07:42:43

cbl_mariner

CVE-2021-23214 affecting package postgresql for versions less than 14.2-1

2022-04-26 20:17:02

CVE-2021-23214 affecting package postgresql 12.8-1

2022-03-19 16:40:54

CVE-2021-23222 affecting package postgresql 12.8-1

2022-03-19 16:40:54

nvd

CVE-2021-23214

2022-03-04 16:15:08

CVE-2021-23222

2022-03-02 23:15:08

CVE-2021-43766

2022-08-25 18:15:09

amazon

Medium: postgresql93

2023-01-18 20:56:00

Medium: postgresql94

2023-01-18 20:56:00

Medium: postgresql92

2023-01-18 20:56:00

almalinux

Moderate: postgresql:10 security update

2022-05-10 08:03:34

Low: libpq security update

2022-05-10 06:36:04

Moderate: postgresql:12 security update

2021-12-21 09:10:31

debiancve

CVE-2021-23214

2022-03-04 16:15:08

CVE-2021-23222

2022-03-02 23:15:08

redhatcve

CVE-2021-23214

2022-04-26 22:23:51

CVE-2021-23222

2021-11-12 12:00:28

alpinelinux

CVE-2021-23214

2022-03-04 16:15:08

CVE-2021-23222

2022-03-02 23:15:08

ubuntucve

CVE-2021-23214

2021-11-11 00:00:00

CVE-2021-23222

2021-11-11 00:00:00

archlinux

[ASA-202203-1] postgresql: man-in-the-middle

2022-03-25 00:00:00

[ASA-202204-1] postgresql: man-in-the-middle

2022-04-04 00:00:00

oraclelinux

postgresql:10 security update

2022-05-17 00:00:00

libpq security update

2022-05-17 00:00:00

postgresql:12 security update

2021-12-22 00:00:00

cvelist

CVE-2021-23214

2022-03-04 00:00:00

CVE-2021-23222

2022-03-02 00:00:00

CVE-2021-43766

2022-08-25 17:27:31

prion

Sql injection

2022-03-04 16:15:00

Design/Logic Flaw

2022-03-02 23:15:00

Sql injection

2022-08-25 18:15:00

cve

CVE-2021-23214

2022-03-04 16:15:08

CVE-2021-23222

2022-03-02 23:15:08

CVE-2021-43766

2022-08-25 18:15:09

gentoo

PostgreSQL: Multiple Vulnerabilities

2022-11-19 00:00:00

8.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.2%

JSON

postgresql-10, postgresql-12, postgresql-13 vulnerabilities

References

Related