331 matches found

AlpineLinux
added 2018/02/09 2:0 p.m. | 38 views

CVE-2018-1052

Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table...

CVSS 6.5 | AI score 6.5 | EPSS 0.01826
Exploits: 0

Debian CVE
added 2018/02/09 2:0 p.m. | 30 views

CVE-2018-1052

Removed by vendor...

CVSS 6.5 | AI score 6.8 | EPSS 0.01826
Exploits: 0

RedhatCVE
added 2018/02/09 8:19 a.m. | 31 views

CVE-2018-1052

A memory disclosure vulnerability in table partitioning was found in postgresql, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table...

CVSS 6.5 | AI score 3.8 | EPSS 0.01826
Exploits: 0 | References: 2

OpenVAS
added 2018/02/06 12:0 a.m. | 29 views

Debian: Security Advisory (DLA-1110-1)

The remote host is missing an update for the Debian...

CVSS 7.4 | AI score 7.1 | EPSS 0.13228
Exploits: 0 | References: 3

Mageia
added 2018/01/02 4:25 p.m. | 40 views

Updated samba packages fix security vulnerability

Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in certain situations. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2017-12150) Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory when SMB1 is being used. A remote...

CVSS 7.5 | AI score 1.5 | EPSS 0.21408
Exploits: 0 | References: 6

RedHat Linux
added 2017/12/15 10:23 p.m. | 80 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...

CVSS 9.8 | AI score 6.9 | EPSS 0.94999
Exploits: 12 | References: 9

Tenable Nessus
added 2017/12/07 12:0 a.m. | 63 views

Amazon Linux AMI : postgresql95 / postgresql96 (ALAS-2017-930)

Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. (CVE-2017-12172) INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL disclose table...

CVSS 8.1 | AI score 7.2 | EPSS 0.06324
Exploits: 0 | References: 4

Hacker One
added 2017/12/02 7:50 p.m. | 36 views

Mail.ru: Uninitilized server memory disclosure via ImageMagick

It was possible to disclose part of server memory from an uncontrolled location on the server belonging to the "Moi Mir" (my.mail.ru) project via uploaded GIF image header manipulation. my.mail.ru is not currently in the Bug Bounty scope; the reward was paid as a bonus due to potential severity...

CVSS 4.3 | AI score 7.1 | EPSS 0.19193
Exploits: 4

RedHat Linux
added 2017/11/27 4:39 a.m. | 6 views

samba: Server heap-memory disclosure

A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially-crafted requests to the samba server...

CVSS 7.5 | AI score 7.1 | EPSS 0.21408
Exploits: 0 | References: 5

RedHat Linux
added 2017/11/27 4:13 a.m. | 8 views

samba: Server heap-memory disclosure

A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially-crafted requests to the samba server...

CVSS 7.5 | AI score 7.1 | EPSS 0.21408
Exploits: 0 | References: 5

Hacker One
added 2017/10/30 12:15 p.m. | 23 views

Mavenlink: Uninitialized server memory disclosure via ImageMagick gif parser

A CVE in ImageMagick allowed an attacker to recover random server memory via GIF upload. GIF processing has since been disabled...

AI score 6.7
Exploits: 0

Ubuntu
added 2017/10/24 6:11 p.m. | 100 views

USN-3425-2: Apache HTTP Server vulnerability

USN-3425-1 fixed a vulnerability in Apache HTTP Server. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Hanno Böck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote...

CVSS 7.5 | AI score 7.2 | EPSS 0.94999
Exploits: 9

Tenable Nessus
added 2017/10/23 12:0 a.m. | 131 views

CentOS 6 : httpd (CESA-2017:2972) (Optionsbleed)

An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.5 | AI score 6.8 | EPSS 0.94999
Exploits: 9 | References: 3

Tenable Nessus
added 2017/10/12 12:0 a.m. | 51 views

Scientific Linux Security Update : httpd on SL7.x x86_64 (20171011) (Optionsbleed)

Security Fixes : - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child...

CVSS 7.5 | AI score 6.8 | EPSS 0.94999
Exploits: 9 | References: 2

RedHat Linux
added 2017/10/11 3:58 p.m. | 177 views

Moderate: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.5 | AI score 6.7 | EPSS 0.94999
Exploits: 9 | References: 2

Hacker One
added 2017/10/05 12:31 p.m. | 65 views

Mail.ru: Unupdated ImageMagic leads to uninitialized server memory disclosure

It was possible to disclose part of server memory from an uncontrolled location on the account.my.com project via uploaded GIF image header manipulation. account.my.com is not currently in the Bug Bounty scope; the reward was paid as a bonus due to potential severity. CVE-2017-15277...

CVSS 4.3 | AI score 7.1 | EPSS 0.19193
Exploits: 4

Broadcom
added 2017/09/29 12:0 a.m. | 7 views

BSA-2017-440

Security Advisory ID : BSA-2017-440 Component : Samba Revision : 2.0: Interim An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the...

CVSS 7.1 | AI score 6.5 | EPSS 0.0759
Exploits: 0

Tenable Nessus
added 2017/09/25 12:0 a.m. | 14 views

SUSE SLED12 / SLES12 Security Update : spice (SUSE-SU-2017:2552-1)

This update for spice fixes the following security issues : - CVE-2017-7506: Fixed an out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak bsc1046779. Note that Tenable Network Securit...

CVSS 8.8 | AI score 7.5 | EPSS 0.04204
Exploits: 0 | References: 4

Tenable Nessus
added 2017/09/22 12:0 a.m. | 35 views

RHEL 7 : samba (RHSA-2017:2790)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2790 advisory. - samba: Some code path don't enforce smb signing, when they should CVE-2017-12150 - samba: SMB2 connections don't keep encryption across DF...

CVSS 7.4 | AI score 6.6 | EPSS 0.13228
Exploits: 0 | References: 9

Tenable Nessus
added 2017/09/22 12:0 a.m. | 42 views

Ubuntu 14.04 LTS / 16.04 LTS : Samba vulnerabilities (USN-3426-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3426-1 advisory. Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in certain situations. A remote attacker could use this issue to...

CVSS 7.4 | AI score 6.6 | EPSS 0.13228
Exploits: 0 | References: 4