Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Information
N/A
Vulnerability Type
使用已被攻破或存在风险的密码学算法
Vulnerability Title
PostgreSQL 加密问题漏洞
Vulnerability Description
PostgreSQL是PostgreSQL组织的一套自由的对象关系型数据库管理系统。该系统支持大部分SQL标准并且提供了许多其他特性,例如外键、触发器、视图等。 PostgreSQL 12.5之前版本存在加密问题漏洞,该漏洞源于如果丢弃了与安全性相关的参数(例如channel_binding,sslmode,requirepeer,gssencmode),则攻击者就有机会完成MITM攻击或观察明文传输。
CVSS Information
N/A
Vulnerability Type
N/A