Download
| Alert*
oval:org.secpod.oval:def:2103411
The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting"s documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrad ... oval:org.secpod.oval:def:34684 The host is installed with Oracle MySQL 5.6.x before 5.6.30 or 5.7.x before 5.7.3 and is prone to a spoofing vulnerability. A flaw is present in the application, which fails to properly handle cleartext-downgrade attack aka a "BACKRONYM" attack. Successful exploitation allows man-in-the-middle attac ... oval:org.secpod.oval:def:504991 MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the --ssl option. A man-in-the-middle att ... oval:org.secpod.oval:def:501640 MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the --ssl option. A man-in-the-middle attac ... oval:org.secpod.oval:def:1200168 PHP process crashes when processing an invalid file with the "phar" extension. As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability. PHP versions before 5.5.27 and 5.4.43 contain buffer overflow issue oval:org.secpod.oval:def:1501139 MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the- ... oval:org.secpod.oval:def:109248 MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ... oval:org.secpod.oval:def:1200107 PHP process crashes when processing an invalid file with the "phar" extension. As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability. PHP versions before 5.5.27 and 5.4.43 contain buffer overflow issue oval:org.secpod.oval:def:602168 Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.20. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/ https://mariad ... oval:org.secpod.oval:def:505098 MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the --ssl option. A man-in-the-middle att ... oval:org.secpod.oval:def:89045414 MySQL was updated to version 5.5.45, fixing bugs and security issues. The mysql client will now print an error if ssl is required, but the server can not handle a ssl connection [bnc#924663], [bnc#928962], [CVE-2015-3152] Additional bugs fixed: - fix rc.mysql-multi script to start instances after re ... oval:org.secpod.oval:def:203693 MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the- ... oval:org.secpod.oval:def:109280 MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ... oval:org.secpod.oval:def:1200159 PHP process crashes when processing an invalid file with the "phar" extension. As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability. PHP versions before 5.5.27 and 5.4.43 contain buffer overflow issue oval:org.secpod.oval:def:97632 [CLSA-2022:1651177943] Fix of 227 CVE |