14554 matches found
Connection security vulnerability with schema sync
pgsync drops connection parameters when syncing the schema with the --schema-first and --schema-only options. Some of these parameters may affect security. For instance, if sslmode is dropped, the connection may not use SSL. The first connection parameter is not affected. pgsync drops connection...
SUSE: Security Advisory (SUSE-SU-2015:0688-1)
The remote host is missing an update for the...
GaussDB Kernel: Deleting hostnossl Entries from the pg_hba.conf File
The connections specified by the hostnossl entries are not encrypted using SSL. For security, you are advised to use SSL connections. SSL can be used for connections between the CN and external nodes but not for connections between internal nodes.
SUSE-OU-2020:3291-1 Optional update for python-redis and redis
This optional update for python-redis and redis provides the following fixes: python-redis: - Update to version 3.4.1 (jsc#ECO-2417) Move the username argument in the Redis and Connection classes to the end of the argument list. This helps those poor souls that specify all their connection options...
SUSE-SU-2020:3151-1 Security update for apache-commons-httpclient
This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors...
Man-in-the-Middle (MitM)
puppet-agent is vulnerable to a man-in-the-middle attack. The Puppet Agent does not properly verify the SSL connection when downloading a CRL...
CVE-2020-15187
In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform thi...
Denial Of Service (DoS)
libvncserver.so is vulnerable to denial of service (DoS). The vulnerability exists through a NULL pointer dereference in libvncclient/tlsopenssl.c when opening an SSL connection...
Security update for axel (moderate)
openSUSE Security Update: Security update for axel Announcement ID: openSUSE-SU-2020:0778-1 Rating: moderate References: 1172159 Cross-References: CVE-2020-13614 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for axel fixes...
httpd security, bug fix, and enhancement update
2.4.6-93.0.1 - replace index.html with Oracle's index page oracleindex.html 2.4.6-93 - Resolves: 1677496 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time 2.4.6-92 - htpasswd: add SHA-2 crypt support 1486889 2.4.6-91 - Resolves: 1630886 - scriptlet can fail if hostname is not...
Remote Desktop Gateway - BlueGate Denial of Service (PoC)
Remote Desktop Gateway - BlueGate Denial of Service PoC include "BlueGate.h" / EDB Note: - Download Binary https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47964-1.exe - Download Source...
CVE-2018-11751
Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0...
CVE-2011-3355
evolution-data-server3 3.0.3 through 3.2.1 used an insecure non-SSL connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim...
Debian DLA-1886-2 : openjdk-7 regression update
The latest security update of openjdk-7 caused a regression when applications relied on elliptic curve algorithms to establish SSL connections. Several duplicate classes were removed from rt.jar by the upstream developers of OpenJDK because they were also present in sunec.jar. However Debian neve...
CVE-2017-11578
CVE-2017-11578 affects the Blipcare wireless blood pressure monitor. The device exposes its web management interface over plain HTTP (non-SSL), allowing an attacker on the same wireless network to conduct a MITM and sniff the user’s Wi‑Fi credentials. The impact is disclosure of credentials witho...
The vulnerability of the urllib3 module in the Python programming language, related to errors in the certificate validation process, allows a perpetrator to establish an SSL connection.
The vulnerability of the urllib3 module in the Python programming language is related to errors in the certificate validation process. Exploiting this vulnerability allows a malicious actor to establish an SSL connection during a certificate validation failure...
Privilege Escalation
Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. It performs provisioning and configuration management of predefined standard operating...
Man-In-The-Middle (MitM)
Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. It performs provisioning and configuration management of predefined standard operating...