CVE-2017-7485

MEDIUM Year: 2017
CVSS v3 Score
5.9
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-390
View all →

Vulnerability Description

In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.

Related Vulnerabilities

CVE-2024-11942

MEDIUM
CVSS:5.9(Medium)

A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10.

CWE-3902024

CVE-2024-20316

MEDIUM
CVSS:5.8(Medium)

A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured ...

CWE-3902024

CVE-2024-12086

MEDIUM
CVSS:6.1(Medium)

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. Du...

CWE-3902024

CVE-2025-25204

MEDIUM
CVSS:6.3(Medium)

`gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool `gh attestation verify` c...

CWE-3902025

CVE-2024-30255

MEDIUM
CVSS:5.3(Medium)

Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CO...

CWE-3902024

CVE-2025-26465

MEDIUM
CVSS:6.8(Medium)

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs...

CWE-3902025