EUVD-2019-15217

Malware in sbrugna...

openGauss: Ensuring the Existence of the server.key File

The solution to prevent TCP server spoofing is to use the SSL certificate and ensure that the server certificate is verified on the client. Therefore, the server must be configured to use only the hostssl connection, and the server.key key and server.crt certificate files using the SSL must be...

GaussDB Kernel: Ensuring the Existence of the server.crt File

The best solution to prevent TCP server spoofing is to use the SSL certificate and ensure that the server certificate is verified on the client. Therefore, the server must be configured to use only the hostssl connection, and the server.key key and server.crt certificate files using the SSL must ...

CVE-2019-5642

Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to...

Metasploit Pro 4.16 and earlier install the web server SSL server.key as local-user readable by default

Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to...