20 matches found
EUVD-2020-24467
Malware in sbrugna...
EUVD-2023-24356
Malicious code in bioql PyPI...
K000149068: Multiple PostgreSQL vulnerabilities
Security Advisory Description: CVE-2017-7485: In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing an SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle...
RHEL 6 / 7 : rh-mariadb100-mariadb (RHSA-2015:1646)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1646 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client...
CVE-2023-20177
A vulnerability in the SSL file policy implementation of Cisco Firepower Threat Defense (FTD) Software that occurs when the SSL/TLS connection is configured with a URL Category and the Snort 3 detection engine could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to...
F5 Networks BIG-IP : MySQL vulnerability (K16845) (BACKRONYM)
An unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.7.2 and earlier allows an attacker to downgrade MySQL SSL/TLS connections, snoop database queries and results, or directly manipulate database contents. CVE-2015-3152 Impact Although the BIG-IP system includes the...
Medium: postgresql93, postgresql94, postgresql95
Issue Overview: Selectivity estimators bypass SELECT privilege checks. It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some...
IBM WebSphere Application Server 8.0 < 8.0.0.11 Multiple Vulnerabilities (FREAK)
IBM WebSphere Application Server 7.0 < 7.0.0.39 Multiple Vulnerabilities (FREAK)
Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products
On January 28, 2016, the OpenSSL Project released a security advisory detailing two vulnerabilities. Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to conduct man-in-the-middle attac...
Xerox WorkCentre 3550 OpenSSL Multiple Vulnerabilities (XRX15AJ) (FREAK) (POODLE)
According to its model number and software version, the remote Xerox WorkCentre 3550 device is affected by multiple OpenSSL vulnerabilities : - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting...
Xerox WorkCentre 77XX Multiple Vulnerabilities (XRX15R) (FREAK) (GHOST)
According to its model number and software version, the remote Xerox WorkCentre 77XX device is affected by multiple vulnerabilities : - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys...
PHP 5.6.10 < 5.6.11 Multiple Vulnerabilities (BACKRONYM)
PHP 5.4.x < 5.4.43 Multiple Vulnerabilities (BACKRONYM)
According to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.43. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability, known as 'BACKRONYM', exists due to a failure to properly enforce the requirement of an SSL/TL...
PHP 5.5.x < 5.5.27 Multiple Vulnerabilities (BACKRONYM)
According to its banner, the version of PHP 5.5.x running on the remote web server is prior to 5.5.27. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability, known as 'BACKRONYM', exists due to a failure to properly enforce the requirement of an SSL/TL...
Splunk Enterprise 6.2.x < 6.2.2 Multiple Vulnerabilities (FREAK)
According to its version number, the Splunk Enterprise hosted on the remote web server is version 6.2.x prior to 6.2.2. It is, therefore, affected by the following vulnerabilities : - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allo...
MS15-031: Vulnerability in Schannel Could Allow Security Feature Bypass (3046049) (FREAK)
The remote Windows host is affected by a security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS...
Security update for MozillaFirefox, mozilla-nss (important)
MozillaFirefox, mozilla-nss were updated to fix 18 security issues. MozillaFirefox was updated to version 36.0. These security issues were fixed: - CVE-2015-0835, CVE-2015-0836: Miscellaneous memory safety hazards - CVE-2015-0832: Appended period to hostnames can bypass HPKP and HSTS protections ...
DLA-0004-1 dovecot - security update
Bulletin has no description...
SSL/TLS: SMTP 'STARTTLS' Command Detection
Checks if the remote SMTP server supports SSL/TLS with the...