21 matches found
MiracleLinux 4 : rh-postgresql95-postgresql-9.5.7-2.AXS4 (AXSA:2017-1727:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1727:01 advisory. PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll ne...
CVE-2019-16179
Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the default configuration...
EUVD-2010-2288
Malware in sbrugna...
EUVD-2018-11882
Malware in sbrugna...
EUVD-2018-12704
Malware in sbrugna...
CVE-2016-11076
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL...
USN-7417-1 libdbd-mysql-perl vulnerabilities
It was discovered that libdbd-mysql-perl did not correctly handle certain SQL queries. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-1249) It was discovered that libdbd-mysql-perl did not correctly handle certain memory operations, which could lead to a...
USN-7417-1: libdbd-mysql-perl vulnerabilities
It was discovered that libdbd-mysql-perl did not correctly handle certain SQL queries. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-1249) It was discovered that libdbd-mysql-perl did not correctly handle certain memory operations, which could lead to a...
RHEL 6 : rh-postgresql95-postgresql (RHSA-2017:2425)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2425 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream...
mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Encryption. Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via...
Moderate: Red Hat Security Advisory: rh-postgresql95-postgresql security update
An update for rh-postgresql95-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
ALPINE-CVE-2017-7485
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing an SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the...
NetScaler is forcing the SSL connection on sites browsed with Secure Web
Web links for HTTP resources attempt to connect via Secure Web over HTTPS and fail because the resource does not exist on HTTPS...
openSUSE: Security Advisory for Security (openSUSE-SU-2015:2243-1)
The remote host is missing an update for the...
Security update to MySQL 5.6.27 (important)
MySQL was updated to 5.6.27 to fix security issues and bugs. The following vulnerabilities were fixed as part of the upstream release boo951391: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789, CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815,...
mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM)
It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client an...
SUSE-SU-2015:1273-1 Security update for mariadb
This update fixes the following security issues: Logjam attack: mysql uses 512 bit dh groups in SSL (bnc934789); CVE-2015-3152: mysql --ssl does not enforce SSL (bnc924663); CVE-2014-8964: heap buffer overflow (bnc906574); CVE-2015-2325: heap buffer overflow in compilebranch (bnc924960); CVE-2015-2326: heap...
DEBIAN-CVE-2013-6491
The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2013-6491
The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network...
UBUNTU-CVE-2013-6491
The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network...