554 matches found
CVE-2016-5397
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...
[SECURITY] Fedora 26 Update: python-jsonrpclib-0.3.1-1.fc26
This project is an implementation of the JSON-RPC v2.0 specification backwards-compatible as a client library, for Python 2.7 and Python 3. This version is a fork of jsonrpclib by Josh Marshall, usable with Pelix remote services...
Debian: Security Advisory (DLA-819-2)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Recurly Client .NET Library Server-Side Request Forgery Attack Vulnerability
Recurly Client .NET Library is an API wrapper for Recurly from Recurly USA. A server-side request forgery attack vulnerability exists in Recurly Client .NET Library, which stems from the program failing to properly use the 'Uri.EscapeUriString' function. The vulnerability can be exploited by an...
mysql: prepared statement handle use-after-free after disconnect
A flaw was found in the way MySQL client library libmysqlclient handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient...
postgresql: libpq ignores PGREQUIRESSL environment variable
It was discovered that the PostgreSQL client library libpq did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. An man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a...
mysql: prepared statement handle use-after-free after disconnect
A flaw was found in the way MySQL client library libmysqlclient handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient...
[SECURITY] Fedora 26 Update: globus-gram-client-13.18-1.fc26
The Globus Toolkit is an open source software toolkit used for building Grid systems and applications. It is being developed by the Globus Alliance and many others all over the world. A growing number of projects and companies are using the Globus Toolkit to unlock the potential of grids for thei...
[SECURITY] Fedora 26 Update: globus-ftp-client-8.36-1.fc26
The Globus Toolkit is an open source software toolkit used for building Grid systems and applications. It is being developed by the Globus Alliance and many others all over the world. A growing number of projects and companies are using the Globus Toolkit to unlock the potential of grids for thei...
postgresql: libpq ignores PGREQUIRESSL environment variable
It was discovered that the PostgreSQL client library libpq did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. An man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a...
postgresql: libpq ignores PGREQUIRESSL environment variable
It was discovered that the PostgreSQL client library libpq did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. An man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a...
[SECURITY] Fedora 25 Update: globus-ftp-client-8.35-2.fc25
The Globus Toolkit is an open source software toolkit used for building Grid systems and applications. It is being developed by the Globus Alliance and many others all over the world. A growing number of projects and companies are using the Globus Toolkit to unlock the potential of grids for thei...
[SECURITY] Fedora 24 Update: globus-ftp-client-8.35-2.fc24
The Globus Toolkit is an open source software toolkit used for building Grid systems and applications. It is being developed by the Globus Alliance and many others all over the world. A growing number of projects and companies are using the Globus Toolkit to unlock the potential of grids for thei...
CVE-2015-3254
The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service infinite recursion via vectors involving the skip function...
MiniUPnP MiniUPnPc Denial of Service Vulnerability
The MiniUPnP project provides software that supports the UPnP Internet Gateway Device IGD specification. The project is divided into two parts, MiniUPnPc and MiniUPnPd. MiniUPnPc is a client library that enables applications to access services provided by UPnP "Internet Gateway Devices" present o...
[SECURITY] Fedora 25 Update: python-PyMySQL-0.7.10-10.fc25
This package contains a pure-Python MySQL client library. The goal of PyMyS QL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPyth on and Jython...
MGASA-2017-0054 Updated mariadb packages fix security vulnerability
Root Privilege Escalation CVE-2016-6664. Unspecified vulnerability affecting the Optimizer component CVE-2017-3238. Unspecified vulnerability affecting the Charsets component CVE-2017-3243. Unspecified vulnerability affecing the DML component CVE-2017-3244. Unspecified vulnerability affecting...
SUSE-SU-2017:0412-1 Security update for mariadb
This mariadb version update to 10.0.29 fixes the following issues: - CVE-2017-3318: unspecified vulnerability affecting Error Handling bsc1020896 - CVE-2017-3317: unspecified vulnerability affecting Logging bsc1020894 - CVE-2017-3312: insecure error log file handling in mysqldsafe, incomplete...
SUSE-SU-2017:0411-1 Security update for mariadb
This mariadb version update to 10.0.29 fixes the following issues: - CVE-2017-3318: unspecified vulnerability affecting Error Handling bsc1020896 - CVE-2017-3317: unspecified vulnerability affecting Logging bsc1020894 - CVE-2017-3312: insecure error log file handling in mysqldsafe, incomplete...
SUSE-SU-2017:0408-1 Security update for mysql
This mysql version update to 5.5.54 fixes the following issues: - CVE-2017-3318: Unspecified vulnerability affecting Error Handling bsc1020896 - CVE-2017-3317: Unspecified vulnerability affecting Logging bsc1020894 - CVE-2017-3313: Unspecified vulnerability affecting the MyISAM component bsc10208...