Security Bulletin: IBM Sterling Connect:Direct for OpenVMS. Unencrypted data transfers can occur even when SSL encryption is specified in the security configuration. (CVE-2013-4035)

Abstract Unencrypted data transfers can occur even when SSL encryption is specified in the security configuration. Content VULNERABILITY DETAILS: CVEID: CVE-2013-4035 DESCRIPTION: When Connect:Direct for OpenVMS is the server in a TCP/IP session, and the client requests an unencrypted session, C:...

SUSE-SU-2022:2893-1 Security update for postgresql10

This update for postgresql10 fixes the following issues: - Upgrade to 10.22: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension bsc1202368. - Upgrade to 10.21: - CVE-2022-1552: Confined additional operations within 'security restricted...

Reolink E1 Zoom Camera 3.0.0.716 Private Key Disclosure

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Reolink E1 Zoom Camera Vendor URL: https://reolink.com/product/e1-zoom/ Type: Exposure of Sensitive Information to an Unauthorized Actor CWE-200 Date found: 2021-08-26 Date published:...

Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks

A newly discovered and complex remote access trojan RAT is spreading via malicious email campaigns using COVID-19 lures and includes numerous features to evade analysis or detection by researchers, Proofpoint has found. Dubbed Nerbian RAT, the novel malware variant is written in the OS-agnostic G...

Fortinet FortiClient for Windows权限提升漏洞

Fortinet FortiClient is a mobile endpoint security solution from Fortinet, Inc. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. executable file in the FortiClient installer...

OPENSUSE-SU-2021:1584-1 Security update for postgresql10

This update for postgresql10 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake bsc1192516. - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake bsc1192516. This update was imported...

SUSE-SU-2021:4058-1 Security update for postgresql10

This update for postgresql10 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake bsc1192516. - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake bsc1192516...

OPENSUSE-SU-2021:4058-1 Security update for postgresql10

This update for postgresql10 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake bsc1192516. - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake bsc1192516...

OPENSUSE-SU-2021:3762-1 Security update for postgresql13

This update for postgresql13 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake bsc1192516. - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake bsc1192516...

SUSE-SU-2021:3762-1 Security update for postgresql13

This update for postgresql13 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake bsc1192516. - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake bsc1192516...

SUSE-SU-2021:3761-1 Security update for postgresql10

This update for postgresql10 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake bsc1192516. - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake bsc1192516...

SUSE-SU-2021:3760-1 Security update for postgresql12

This update for postgresql12 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake bsc1192516. - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake bsc1192516...

SUSE-SU-2021:3759-1 Security update for postgresql14

This update for postgresql14 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake bsc1192516. - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake bsc1192516. - Let rpmlint ignore...

OPENSUSE-SU-2021:3758-1 Security update for postgresql12

This update for postgresql12 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake bsc1192516. - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake bsc1192516...

Security update for postgresql13 (important)

openSUSE Security Update: Security update for postgresql13 Announcement ID: openSUSE-SU-2021:3762-1 Rating: important References: 1192516 Cross-References: CVE-2021-23214 CVE-2021-23222 CVSS scores: CVE-2021-23214 SUSE: 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-23222 SUSE: 3.7...

SUSE: Security Advisory (SUSE-SU-2021:3755-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-23222

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption...

Protecting Sensitive Cardholder Data in Today’s Hyper-Connected World

The payment processing system has steadily evolved over time. Greatly amplified by the COVID-19 pandemic, the use of electronic payment systems in this economy has soared nearly overnight. With online shopping at an all-time high as consumer behaviors shift toward more convenience and flexibility...

GaussDB Kernel: Configuring the SSL Encryption Algorithm

sslciphers specifies the SSL encryption algorithms used for secure connections. GaussDB Kernel supports the following algorithms: - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-AES128-CCM - DHE-RSA-AES256-CCM You are advised to set sslciphers to ALL. Then, GaussDB Kernel uses...

openGauss: Configuring the SSL Encryption Algorithm

sslciphers specifies the SSL encryption algorithms used for secure connections. openGauss supports the following algorithms: - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-AES128-GCM-SHA256 - DHE-DSS-AES256-GCM-SHA384 - DHE-DSS-AES128-GCM-SHA256 - DHE-RSA-AES256-SHA256 - DHE-RSA-AES128-SHA256 -...