Tom Lane

4 exploits, active since Jul 2010
CVE-2021-23214 HIGH WRITEUP
PostgreSQL Certificate Authentication - SQL Injection via MITM
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
CVSS 8.1
CVE-2021-23222 MEDIUM WRITEUP
PostgreSQL 9.6 - SSL Certificate Verification Man-in-the-Middle Injection
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.
CVSS 5.9
CVE-2010-2630 EXPLOITDB text WRITEUP
libtiff - Denial of Service via Malformed TIFF File
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
CVE-2010-2631 EXPLOITDB text WRITEUP
LibTIFF 3.9.0 - Denial of Service via Crafted TIFF File
LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.