Msrc Cbl2 Postgresql 14.2-1 On Cbl Mariner 2.0 vulnerabilities

3 known vulnerabilities affecting msrc/cbl2_postgresql_14.2-1_on_cbl_mariner_2.0.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2

Vulnerabilities

CVE-2021-23214, HIGH, CVSS 8.1, 2022-03-08
CVE-2021-23214 [HIGH] CWE-89 When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and
msrc
CVE-2021-23222, MEDIUM, CVSS 5.9, 2022-03-08
CVE-2021-23222 [MEDIUM] CWE-522 A man-in-the-middle attacker can inject false responses to the client's first few queries despite the use of SSL certificate verification and encryption. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the m
msrc
CVE-2021-3677, MEDIUM, CVSS 6.5, 2022-03-08
CVE-2021-3677 [MEDIUM] CWE-200 A flaw was found in PostgreSQL. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server setti
msrc