39 matches found
postgresql: PostgreSQL: Denial of Service via uncontrolled recursion in SSL/GSS negotiation
A flaw was found in PostgreSQL. Uncontrolled recursion during SSL Secure Sockets Layer and GSS Generic Security Service negotiation allows an attacker to achieve a sustained denial of service. This can be exploited by an attacker with access to a PostgreSQL AFUNIX socket. If SSL and GSS are both...
USN-8294-1: PostgreSQL vulnerabilities
It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use this issue to execute arbitrary SQL functions. CVE-2026-6472 It was discovered that PostgreSQL incorrectly handled large user input in multiple server features. An attacker...
SUSE CVE-2026-6479
Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....
CVE-2026-6479
Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....
EUVD-2026-30288
Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....
EUVD-2013-1685
Malware in sbrugna...
EUVD-2007-4029
Malware in sbrugna...
Security update for postgresql14
This update for postgresql14 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...
Security update for postgresql13
This update for postgresql13 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...
Security update for postgresql15
This update for postgresql15 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...
SUSE CVE-2007-0720
The CUPS service on multiple platforms allows remote attackers to cause a denial of service service hang via a "partially-negotiated" SSL connection, which prevents other requests from being accepted...
April 12, 2022-KB5012123 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2
None None...
April 12, 2022-KB5012121 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 11
None None...
boringssl: Incorrect-function-pointer-type in bssl::ssl_negotiate_alpn
Project: https://boringssl.googlesource.com/boringssl Detailed report: https://oss-fuzz.com/testcase?key=6088352019251200 Project: boringssl Fuzzer: libFuzzerboringsslserver Fuzz target binary: server Job Type: libfuzzerubsanboringssl Platform Id: linux Crash Type: Incorrect-function-pointer-type...
Cisco Jabbar chat client vulnerability to man in the middle attacks-vulnerability warning-the black bar safety net
Cisco released an official announcement that its chat clients Jabbar in the presence of security vulnerabilities, vulnerable to a middleman attack. The vulnerability exists on the Windows platform-Jabbar, an unauthorized remote attacker can exploit the vulnerability to implement STARTTLS downgrad...
MGASA-2014-0489 Updated ruby-httpclient package enables SSL negotiation
This new version enables SSL negotiation instead of hardcoding SSLv3...
Updated ruby-httpclient package enables SSL negotiation
This new version enables SSL negotiation instead of hardcoding SSLv3...
Fedora 20 : rubygem-httpclient-2.4.0-2.fc20 (2014-13040)
Updated to 2.4.0 which stops hard-coding ssl v3 and allows ssl negotiation Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducin...
Oracle Linux 4 : cups (ELSA-2007-1022)
From Red Hat Security Advisory 2007:1022 : Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System CUPS provides a...
Oracle Linux 5 : Moderate: / cups (ELSA-2007-0123)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2007-0123 advisory. 1.1.22-0.rc1.9.18 - REVERTED these changes: - Applied patch from STR 1301 bug 195354. - Patch pdftops to understand 'includeifexists', and use that in the...