postgresql-libs - Arch Linux
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2547 | 13.4-4 | Low | Vulnerable |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-23222 | AVG-2547 | Low | Yes | Man-in-the-middle | A security issue has been found in PostgreSQL versions 9.6 up to 14. A man-in-the-middle attacker can inject false responses to the client's first few... |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1019 | 11.4-1 | 11.5-1 | Medium | Fixed | |
| AVG-280 | 9.6.2-1 | 9.6.3-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2019-10209 | AVG-1019 | Low | Yes | Information disclosure | An issue has been found in PostgreSQL >= 11.0 and < 11.5. In a database containing hypothetical, user-defined hash equality operators, an attacker could... |
| CVE-2019-10208 | AVG-1019 | Medium | Yes | Access restriction bypass | A security issue has been found in PostgreSQL < 11.5 where given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the... |
| CVE-2017-7485 | AVG-280 | High | Yes | Man-in-the-middle | A security issue has been found in the libpq component of PostgreSQL < 9.6.3, where the PGREQUIRESSL was no longer enforcing a SSL/TLS connection to a... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 10 Aug 2019 | ASA-201908-7 | AVG-1019 | Medium | multiple issues |
| 30 May 2017 | ASA-201705-24 | AVG-280 | High | man-in-the-middle |