USN-8294-1: PostgreSQL vulnerabilities
It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use this issue to execute arbitrary SQL functions. CVE-2026-6472 It was discovered that PostgreSQL incorrectly handled large user input in multiple server features. An attacker...
SUSE CVE-2026-6479
Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....
CVE-2026-6479
Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....
EUVD-2026-30288
Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....
EUVD-2013-1685
Malware in sbrugna...
EUVD-2007-4029
Malware in sbrugna...
Security update for postgresql14
This update for postgresql14 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323). CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...
Security update for postgresql13
This update for postgresql13 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323). CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...
Security update for postgresql15
This update for postgresql15 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323). CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...
SUSE CVE-2007-0720
The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted...
April 12, 2022-KB5012123 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2
Release Date: April 12, 2022 Version: .NET Framework 3.5 and 4.8 Summary Security Improvements This security update addresses an issue where an unauthenticated attacker cou...
April 12, 2022-KB5012121 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 11
Release Date: April 12, 2022 Version: .NET Framework 3.5 and 4.8 Summary Security Improvements This security update addresses an issue where an unauthenticated attacker could cause a denial of service on an...
boringssl: Incorrect-function-pointer-type in bssl::ssl_negotiate_alpn
Project: https://boringssl.googlesource.com/boringssl Detailed report: https://oss-fuzz.com/testcase?key=6088352019251200 Project: boringssl Fuzzer: libFuzzerboringsslserver Fuzz target binary: server Job Type: libfuzzerubsanboringssl Platform Id: linux Crash Type: Incorrect-function-pointer-type...
Cisco Jabber chat client vulnerable to man-in-the-middle attacks - vulnerability warning - the black bar safety net
Cisco released an official announcement that its chat client Jabber has a security vulnerability that leaves it open to a man-in-the-middle attack. The vulnerability exists in Jabber on the Windows platform; an unauthorized remote attacker can exploit the vulnerability to implement STARTTLS downgrad...
Updated ruby-httpclient package enables SSL negotiation
This new version enables SSL negotiation instead of hardcoding SSLv3...
MGASA-2014-0489 Updated ruby-httpclient package enables SSL negotiation
This new version enables SSL negotiation instead of hardcoding SSLv3...
Fedora 20 : rubygem-httpclient-2.4.0-2.fc20 (2014-13040)
Updated to 2.4.0, which stops hard-coding SSLv3 and allows SSL negotiation. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducin...
Oracle Linux 4 : cups (ELSA-2007-1022)
From Red Hat Security Advisory 2007:1022 : Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System CUPS provides a...
Oracle Linux 5 : Moderate: / cups (ELSA-2007-0123)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2007-0123 advisory. 1.1.22-0.rc1.9.18 - REVERTED these changes: - Applied patch from STR 1301 bug 195354. - Patch pdftops to understand 'includeifexists', and use that in the...
Scientific Linux Security Update : cups on SL4.x i386/x86_64
Problem description : Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 Alin Rad Pop discovered a flaw in ...