postgresql: limited memory disclosure flaw in crypt()

A memory leak error was discovered in the crypt function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory...

Moderate: Red Hat Security Advisory: postgresql92-postgresql security update

Updated postgresql92-postgresql packages that fix two security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...

postgresql: limited memory disclosure flaw in crypt()

A memory leak error was discovered in the crypt function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory...

Amazon Linux: Security Advisory (ALAS-2015-609)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2007-2844

PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access...

CVE-2015-5288

The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service server crash or read arbitrary server memory via a "too-short" salt...

[SECURITY] [DSA 3374-1] postgresql-9.4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3374-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 19, 2015 https://www.debian.org/security/faq -...

PostgreSQL Memory Read Vulnerability

PostgreSQL is an object-relational database management system that supports an extended subset of SQL standards. A security vulnerability exists in PostgreSQL that allows remote attackers to exploit a vulnerability by submitting special data to the pgCrypto extension's crypt function to read the...

UBUNTU-CVE-2015-5288

The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service server crash or read arbitrary server memory via a "too-short" salt...

Vulnerability in contrib module (CVE-2015-5288)

Memory leak in crypt function...

Gentoo Security Advisory GLSA 201309-01

Gentoo Linux Local Security Checks GLSA 201309-01 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

Amazon Linux: Security Advisory (ALAS-2011-12)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

QSSL QNX 4.25 A crypt() Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1114/info A design error in the operation of the crypt3 function exists in QNX, from QNX System Software, Limited QSSL. The flaw allows the recovery of passwords from the hashes. On most Unix variants, crypt3 is based on ...

openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1138-1)

The blowfish password hashing implementation did not properly handle 8-characters in passwords, which made it easier for attackers to crack the hash CVE-2011-2483. After this update existing hashes with id '$2a$' for passwords that contain 8-bit characters will no longer be compatible with newly...

CVE-2013-4143

The 1 checkPasswd and 2 checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to...

CVE-2013-4143

The 1 checkPasswd and 2 checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to...

Medium: cyrus-sasl

Issue Overview: Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service thread crash and consumption via 1 an invalid salt o...

CVE-2013-6445

CVE-2013-6445 affects Red Hat Enterprise MRG 2.5 where the Cumin (MRG Management Console) component uses the DES-based crypt() hash for passwords. Root cause: weak DES-based hashing enables faster brute-force recovery of plaintext passwords if a cumin user database is compromised. Impact: potenti...

CVE-2013-6445

Cumin aka MRG Management Console, as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack...

SuSE 11.3 Security Update : PostgreSQL 9.1 (SAT Patch Number 8970)

The PostgreSQL database server was updated to version 9.1.12 to fix various security issues : - Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The...