Lucene search
554 matches found

FreeBSD
added 2017/01/27 12:0 a.m., 42 views

mysql -- denial of service vulnerability

Openwall reports: C client library for MySQL libmysqlclient.so has use-after-free defect which can cause crash of applications using that MySQL client...

CVSS 7.5 | AI score 7.8 | EPSS 0.025
Exploits: 0 | References: 1
Gentoo Linux
added 2017/01/17 12:0 a.m., 54 views

MiniUPnPc: Buffer overflow

Background: UPnP client library and a simple UPnP client. Description: An out-of-bounds read was discovered in the getHTTPResponse function in miniwget.c in MiniUPnPc. Impact: Remote attackers, through specially crafted headers, could cause a Denial of Service condition. Workaround: There is no known...

CVSS 5 | AI score 6.2 | EPSS 0.01931
Exploits: 1
Fedora
added 2016/10/09 3:0 a.m., 33 views

[SECURITY] Fedora 25 Update: libX11-1.6.4-1.fc25

Core X11 protocol client library...

CVSS 9.8 | AI score 2.3 | EPSS 0.04712
Exploits: 0
Fedora
added 2016/09/13 6:29 p.m., 35 views

[SECURITY] Fedora 25 Update: python-proteus-4.0.2-1.fc25

A client library to access Tryton's internal objects like Models and Wizards...

CVSS 5.3 | AI score 2.9 | EPSS 0.00162
Exploits: 0
Tenable Nessus
added 2016/08/18 12:0 a.m., 53 views

Amazon Linux AMI : mysql55 (ALAS-2016-738)

It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. CVE-2016-2047...

CVSS 8.1 | AI score 6.7 | EPSS 0.06492
Exploits: 0 | References: 30
RedHat Linux
added 2016/05/26 8:35 a.m., 3 views

mysql: ssl-validate-cert incorrect hostname check

It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client...

CVSS 5.9 | AI score 7.1 | EPSS 0.01749
Exploits: 0 | References: 5
OSV
added 2016/04/25 12:59 a.m., 3 views

CVE-2016-2112

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream...

CVSS 5.9 | AI score 7.3 | EPSS 0.16609
Exploits: 0 | References: 37
OSV
added 2016/04/12 12:0 a.m., 0 views

UBUNTU-CVE-2016-2112

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream...

CVSS 5.9 | AI score 6.8 | EPSS 0.16609
Exploits: 0 | References: 4
Fedora
added 2016/01/15 11:30 p.m., 8 views

[SECURITY] Fedora 23 Update: openstack-glance-2015.1.2-1.fc23

OpenStack Image Service code-named Glance provides discovery, registration, and delivery services for virtual disk images. The Image Service API server provides a standard REST interface for querying information about virtual disk images stored in a variety of back-end stores, including OpenSta...

AI score 2.4
Exploits: 0
RedhatCVE
added 2015/10/30 9:31 a.m., 18 views

CVE-2006-1017

The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to ...

CVSS 9.3 | AI score 7.4 | EPSS 0.02744
Exploits: 0 | References: 2
securityvulns
added 2015/10/25 12:0 a.m., 121 views

APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007

APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007 OS X El Capitan 10.11.1 and Security Update 2015-007 are now available and address the following: Accelerate Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiti...

CVSS 10 | AI score 0.9 | EPSS 0.8487
Exploits: 57
Prion
added 2015/10/23 9:59 p.m., 15 views

Heap overflow

Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client...

CVSS 6.8 | AI score 7.7 | EPSS 0.01162
Exploits: 0 | References: 7 | Affected Software: 3
Cvelist
added 2015/10/23 9:0 p.m., 20 views

CVE-2015-7015

Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client...

AI score 9.1 | EPSS 0.01162
Exploits: 0 | References: 7
RedHat Linux
added 2015/08/24 6:43 p.m., 4 views

mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM)

It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client an...

CVSS 5.9 | AI score 6.8 | EPSS 0.39693
Exploits: 1 | References: 5
RedHat Linux
added 2015/08/20 8:48 a.m., 2 views

mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM)

It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client an...

CVSS 5.9 | AI score 6.8 | EPSS 0.39693
Exploits: 1 | References: 5
Fedora
added 2015/04/21 6:26 p.m., 20 views

[SECURITY] Fedora 22 Update: python-httplib2-0.9-6.fc22

A comprehensive HTTP client library that supports many features left out of other HTTP libraries...

CVSS 2.6 | AI score 0.5 | EPSS 0.00492
Exploits: 1
Fedora
added 2014/11/10 6:43 a.m., 8 views

[SECURITY] Fedora 19 Update: zarafa-7.1.11-1.fc19

The Zarafa Collaboration Platform is a Microsoft Exchange replacement. The Open Source Collaboration provides an integration with your existing Linux mail server, native mobile phone support by ActiveSync compatibility and a webaccess with 'Look & Feel' similar to Outlook using Ajax. Including an...

AI score 1.6
Exploits: 0
Tenable Nessus
added 2014/10/01 12:0 a.m., 34 views

CentOS 5 : krb5 (CESA-2014:1245)

Updated krb5 packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

CVSS 7.8 | AI score 6.8 | EPSS 0.14451
Exploits: 0 | References: 5
Fedora
added 2014/09/02 6:45 a.m., 36 views

[SECURITY] Fedora 20 Update: smack-3.2.2-5.fc20

Smack is an Open Source XMPP Jabber client library for instant messaging and presence. A pure Java library, it can be embedded into your applications to create anything from a full XMPP client to simple XMPP integrations such as sending notification messages and presence-enabling devices...

CVSS 6.8 | AI score 2 | EPSS 0.00236
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 12 views

Neon WebDAV Client Library 0.2x Format String Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/10136/info It has been reported that the Neon client library is prone to multiple remote format string vulnerabilities. This issue is due to a failure of the application to properly implement format string functions...

AI score 7.1
Exploits: 0