
23 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-2434

Malware in sbrugna...

5.9 CVSS | 7.5 AI score | 0.00227 EPSS
Exploits: 0 | References: 8

Tenable Nessus
added 2025/03/04 12:0 a.m. | 11 views

Linux Distros Unpatched Vulnerability : CVE-2017-10789

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional even though this setting's documentation has a your...

5.9 CVSS | 6.7 AI score | 0.39693 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2024/05/11 12:0 a.m. | 26 views

RHEL 5 : perl-dbd-mysql (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - perl-DBD-MySQL: Use-after-free when calling mysql_stmt_error after mysql_stmt_close CVE-2017-10788 - Buffer...

8.1 AI score | 0.39693 EPSS
Exploits: 1 | References: 5

Tenable Nessus
added 2023/10/23 12:0 a.m. | 29 views

Ubuntu 16.04 ESM : DBD::mysql vulnerabilities (USN-5344-1)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5344-1 advisory. It was discovered that the DBD::mysql module, when configured with server-side prepared statement support, was susceptible to operations that would resul...

9.8 CVSS | 6.8 AI score | 0.00842 EPSS
Exploits: 0 | References: 5

SUSE CVE
added 2023/02/15 4:43 a.m. | 1 views

SUSE CVE-2017-10789

The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional even though this setting's documentation has a "your communication with the server will be encrypted" statement, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrad...

4.8 CVSS | 7 AI score | 0.00227 EPSS
Exploits: 0 | References: 8

OSV
added 2022/04/01 8:31 p.m. | 1 views

USN-5344-1 libdbd-mysql-perl vulnerabilities

It was discovered that the DBD::mysql module, when configured with server-side prepared statement support, was susceptible to operations that would result in improper memory access. An attacker could possibly use this issue to cause DBD::mysql to crash, resulting in a denial of service...

9.8 CVSS | 6.8 AI score | 0.00842 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2021/04/30 12:0 a.m. | 50 views

EulerOS 2.0 SP3 : perl-DBD-MySQL (EulerOS-SA-2021-1828)

According to the versions of the perl-DBD-MySQL package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of...

5.9 CVSS | 6.4 AI score | 0.39693 EPSS
Exploits: 1 | References: 3

Tenable Nessus
added 2021/03/10 12:0 a.m. | 33 views

EulerOS Virtualization 3.0.2.6 : perl-DBD-MySQL (EulerOS-SA-2021-1447)

According to the versions of the perl-DBD-MySQL package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of...

9.8 CVSS | 6.7 AI score | 0.39693 EPSS
Exploits: 1 | References: 5

Tenable Nessus
added 2020/09/29 12:0 a.m. | 70 views

EulerOS Virtualization for ARM 64 3.0.6.0 : perl-DBD-MySQL (EulerOS-SA-2020-2044)

According to the version of the perl-DBD-MySQL package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional even though...

5.9 CVSS | 6.8 AI score | 0.39693 EPSS
Exploits: 1 | References: 2

OpenVAS
added 2020/06/16 12:0 a.m. | 35 views

Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1632)

The remote host is missing an update for the Huawei EulerOS...

7.5 CVSS | 7.2 AI score | 0.08994 EPSS
Exploits: 1 | References: 2

Mageia
added 2018/06/14 6:14 p.m. | 42 views

Updated perl-DBD-mysql packages fix security vulnerabilities

Updated perl-DBD-mysql package fixes security vulnerabilities: The DBD::mysql Perl module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering certain error responses from a MySQL...

9.8 CVSS | 4.7 AI score | 0.00842 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2017/07/04 10:49 a.m. | 28 views

CVE-2017-10789

The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional even though this setting's documentation has a "your communication with the server will be encrypted" statement, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrad...

6.8 CVSS | 4.7 AI score | 0.39693 EPSS
Exploits: 1 | References: 1

NVD
added 2017/07/01 6:29 p.m. | 27 views

CVE-2017-10789

The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional even though this setting's documentation has a "your communication with the server will be encrypted" statement, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrad...

5.9 CVSS | 5.9 AI score | 0.00227 EPSS
Exploits: 0 | References: 4

Prion
added 2017/07/01 6:29 p.m. | 27 views

Sql injection

The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional even though this setting's documentation has a "your communication with the server will be encrypted" statement, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrad...

4.3 CVSS | 5.6 AI score | 0.39693 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2017/07/01 6:0 p.m. | 97 views

CVE-2017-10789

CVE-2017-10789 concerns the DBD::mysql Perl module (versions up to 4.043) where mysql_ssl=1 is treated as enabling SSL only optionally, despite documentation implying encrypted communication. This allows MITM attackers to downgrade to a cleartext connection and spoof the MySQL server (related to ...

5.9 CVSS | 5.8 AI score | 0.00227 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2017/07/01 12:0 a.m. | 1 views

PT-2017-11505 · Mysql Server +3 · Dbd::Mysql +3

Name of the Vulnerable Software and Affected Versions: DBD::mysql versions through 4.043 Description: The issue allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack. This occurs because the mysql_ssl=1 setting is used to mean that SSL is optional, despite the...

9.8 CVSS | 7.3 AI score | 0.00842 EPSS
Exploits: 0 | References: 50

Prion
added 2016/05/16 10:59 a.m. | 23 views

Buffer overflow

Oracle MySQL before 5.7.3, Oracle MySQL Connector/C aka libmysqlclient before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack...

4.3 CVSS | 5.1 AI score | 0.39693 EPSS
Exploits: 1 | References: 17 | Affected Software: 12

UbuntuCve
added 2016/05/16 10:59 a.m. | 41 views

CVE-2015-3152

Oracle MySQL before 5.7.3, Oracle MySQL Connector/C aka libmysqlclient before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack...

5.9 CVSS | 6.8 AI score | 0.39693 EPSS
Exploits: 1 | References: 4

Prion
added 2016/05/16 10:59 a.m. | 33 views

Sql injection

ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152...

4.3 CVSS | 6.8 AI score | 0.39693 EPSS
Exploits: 1 | References: 9 | Affected Software: 1

CVE
added 2016/05/16 10:0 a.m. | 334 views

CVE-2015-3152

The CVE-2015-3152 issue affects MySQL client libraries where the --ssl flag is treated as optional, allowing a MITM downgrade to cleartext SSL and server spoofing. Affected products/versions include Oracle MySQL prior to 5.7.3, Oracle MySQL Connector/C (libmysqlclient) prior to 6.1.3, and MariaDB...

5.9 CVSS | 5.6 AI score | 0.39693 EPSS
Exploits: 1 | References: 17 | Affected Software: 2