CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2021-43767
https://notcve.org/view.php?id=CVE-2021-43767
Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL. Odyssey pasa al cliente bytes no encriptados por el hombre en el medio Cuando el almacenamiento de Odyssey está configurado para usar el servidor PostgreSQL usando autenticación "trust" con un requisito "clientcert" o para usar autenticación "cert", un atacante hombre en el medio puede inyectar respuestas falsas a las primeras consultas del cliente. A pesar del uso de la verificación y el cifrado del certificado SSL, Odyssey pasará estos resultados al cliente como si hubieran sido originados en un servidor válido. • https://github.com/yandex/odyssey/issues/377%2C https://www.postgresql.org/support/security/CVE-2021-23222 • CWE-295: Improper Certificate Validation CWE-522: Insufficiently Protected Credentials •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2021-23222 – postgresql: libpq processes unencrypted bytes from man-in-the-middle
https://notcve.org/view.php?id=CVE-2021-23222
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. Un atacante de tipo man-in-the-middle puede inyectar respuestas falsas a las primeras consultas del cliente, a pesar de haber usado la verificación y el cifrado de certificados SSL • https://bugzilla.redhat.com/show_bug.cgi?id=2022675 https://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=d83cdfdca9d918bbbd6bb209139b94c954da7228 https://github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45 https://security.gentoo.org/glsa/202211-04 https://www.postgresql.org/support/security/CVE-2021-23222 https://access.redhat.com/security/cve/CVE-2021-23222 • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.1EPSS: 0%CPEs: 12EXPL: 0CVE-2021-23214 – postgresql: server processes unencrypted bytes from man-in-the-middle
https://notcve.org/view.php?id=CVE-2021-23214
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. Cuando el servidor está configurado para usar la autenticación confiable con un requisito de clientcert o para usar la autenticación de cert, un atacante de tipo man-in-the-middle puede inyectar consultas SQL arbitrarias cuando es establecida una conexión por primera vez, a pesar del uso de la verificación y el cifrado del certificado SSL It was found that a PostgreSQL server could accept plain text data during the establishment of an SSL connection. When a user is requesting a certificate based authentication, an active Person in the Middle could use this flaw in order to inject arbitrary SQL commands. • https://bugzilla.redhat.com/show_bug.cgi?id=2022666 https://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commit%3Bh=28e24125541545483093819efae9bca603441951 https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951 https://security.gentoo.org/glsa/202211-04 https://www.postgresql.org/support/security/CVE-2021-23214 https://access.redhat.com/security/cve/CVE-2021-23214 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-32027 – postgresql: Buffer overrun from integer overflow in array subscripting calculations
https://notcve.org/view.php?id=CVE-2021-32027
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha encontrado un fallo en postgresql en las versiones anteriores a 13.3, versiones anteriores a 12.7, versiones anteriores a 11.12, versiones anteriores a 10.17 y versiones anteriores a 9.6.22. Cuando se modifican determinados valores de matrices SQL, una falta de comprobación de límites permite a usuarios autentificados de la base de datos escribir bytes arbitrarios en una amplia zona de la memoria del servidor. • https://bugzilla.redhat.com/show_bug.cgi?id=1956876 https://security.gentoo.org/glsa/202211-04 https://security.netapp.com/advisory/ntap-20210713-0004 https://www.postgresql.org/support/security/CVE-2021-32027 https://access.redhat.com/security/cve/CVE-2021-32027 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-32028 – postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE
https://notcve.org/view.php?id=CVE-2021-32028
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality. • https://bugzilla.redhat.com/show_bug.cgi?id=1956877 https://security.gentoo.org/glsa/202211-04 https://security.netapp.com/advisory/ntap-20211112-0003 https://www.postgresql.org/support/security/CVE-2021-32028 https://access.redhat.com/security/cve/CVE-2021-32028 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •