Msrc Cm1 Postgresql 12.12-1 On Cbl Mariner 1.0 vulnerabilities

4 known vulnerabilities affecting msrc/cm1_postgresql_12.12-1_on_cbl_mariner_1.0.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2022-1552HIGHCVSS 8.82022-08-09
CVE-2022-1552 [HIGH] CWE-459 A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum REINDEX CREATE INDEX REFRESH MA A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum REINDEX CREATE INDEX REFRESH MATERIALIZED VIEW CLUSTER and pg_amcheck commands activated relevant pro
msrc
CVE-2022-2625HIGHCVSS 8.02022-08-09
CVE-2022-2625 [HIGH] CWE-1321 A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema the ability to lure or wait for an administrator to create or update an A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema the ability to lure or wait for an administrator to create or update an affected extension in that schema and the ability to lure or wait for
msrc
CVE-2021-43766HIGHCVSS 8.12022-08-09
CVE-2021-43766 [HIGH] CWE-295 Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to use certificate Common Name for client authentication a man-in-the-middle attacker can inject arbitrary Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to use certificate Common Name for client authentication a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established despite the use of
msrc
CVE-2021-43767MEDIUMCVSS 5.92022-08-09
CVE-2021-43767 [MEDIUM] CWE-295 Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication a man-in-the-middle attacker can inject fals
msrc