
4652 matches found

OSV
added 2017/09/01 12:0 a.m. | 1 views

UBUNTU-CVE-2017-6362

Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors...

CVSS 7.5 | AI score 7.2 | EPSS 0.05102
Exploits 0 | References 6

Amazon
added 2017/08/31 12:0 a.m. | 39 views

Medium: postgresql93, postgresql92

Issue Overview: pg_user_mappings view discloses passwords to users lacking server privileges: An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could potentially use this flaw to retrieve passwords fro...

CVSS 9.8 | AI score 9.8 | EPSS 0.61566
Exploits 0

Check Point Advisories
added 2017/08/29 12:0 a.m. | 4 views

PostgreSQL Database Core Server non-libpq Client Policy Bypass (CVE-2017-7546)

A security policy bypass vulnerability exists in the core server component of the PostgreSQL database server. The vulnerability is due to improper authentication of user accounts with empty passwords for clients that do not use libpq. A remote attacker could send maliciously crafted requests to a...

CVSS 7.5 | AI score 3 | EPSS 0.61566
Exploits 0

Broadcom
added 2017/08/25 12:0 a.m. | 4 views

BSA-2017-394

Security Advisory ID: BSA-2017-394. Component: PostgreSQL. Revision: 1.0: Interim. It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain...

CVSS 9.8 | AI score 7.2 | EPSS 0.61566
Exploits 0

CNVD
added 2017/08/18 12:0 a.m. | 0 views

minidjvu denial of service vulnerability (CNVD-2017-25768)

minidjvu is a command-line utility for encoding and decoding single-page black-and-white DjVu files with the ability to compress multiple pages, taking advantage of similarities between pages. A denial of service vulnerability exists in the row_is_empty function in base/4bitmap.c:274 in Minidjvu,...

CVSS 6.5 | AI score 6.2 | EPSS 0.00881
Exploits 0 | References 1

OSV
added 2017/08/17 4:29 p.m. | 0 views

UBUNTU-CVE-2017-12442

The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file...

CVSS 6.5 | AI score 6.6 | EPSS 0.00882
Exploits 0 | References 3

OSV
added 2017/08/17 4:29 p.m. | 1 views

DEBIAN-CVE-2017-12442

The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file...

CVSS 6.5 | AI score 6.7 | EPSS 0.00882
Exploits 0 | References 1

OSV
added 2017/08/17 4:29 p.m. | 0 views

UBUNTU-CVE-2017-12441

The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file...

CVSS 6.5 | AI score 6.6 | EPSS 0.00881
Exploits 0 | References 3

Prion
added 2017/08/16 6:29 p.m. | 22 views

Authentication flaw

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password...

CVSS 7.5 | AI score 9.5 | EPSS 0.61566
Exploits 0 | References 10 | Affected Software 2

OSV
added 2017/08/16 6:29 p.m. | 2 views

ALPINE-CVE-2017-7546

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password...

CVSS 9.8 | AI score 7.4 | EPSS 0.61566
Exploits 0 | References 1

OSV
added 2017/08/16 6:29 p.m. | 23 views

CVE-2017-7546

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password...

CVSS 9.8 | AI score 9.8
Exploits 0 | References 10

NVD
added 2017/08/16 6:29 p.m. | 11 views

CVE-2017-7546

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password...

CVSS 9.8 | AI score 8.9 | EPSS 0.61566
Exploits 0 | References 10

Cvelist
added 2017/08/16 6:0 p.m. | 23 views

CVE-2017-7546

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password...

AI score 8 | EPSS 0.61566
Exploits 0 | References 10

Debian CVE
added 2017/08/16 6:0 p.m. | 33 views

CVE-2017-7546

Removed by vendor...

CVSS 9.8 | AI score 9.4 | EPSS 0.61566
Exploits 0

AlpineLinux
added 2017/08/16 6:0 p.m. | 27 views

CVE-2017-7546

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password...

CVSS 9.8 | AI score 9.1 | EPSS 0.61566
Exploits 0

OpenVAS
added 2017/08/16 12:0 a.m. | 30 views

Ubuntu: Security Advisory (USN-3390-1)

The remote host is missing an update for the...

CVSS 9.8 | AI score 9 | EPSS 0.61566
Exploits 0 | References 2

OSV
added 2017/08/15 4:56 p.m. | 0 views

USN-3390-1 postgresql-9.3, postgresql-9.5, postgresql-9.6 vulnerabilities

Ben de Graaff, Jelte Fennema, and Jeroen van der Ham discovered that PostgreSQL allowed the use of empty passwords in some authentication methods, contrary to expected behaviour. A remote attacker could use an empty password to authenticate to servers that were believed to have password login...

CVSS 9.8 | AI score 6.8 | EPSS 0.61566
Exploits 0 | References 4

Ubuntu
added 2017/08/15 4:56 p.m. | 69 views

USN-3390-1: PostgreSQL vulnerabilities

Ben de Graaff, Jelte Fennema, and Jeroen van der Ham discovered that PostgreSQL allowed the use of empty passwords in some authentication methods, contrary to expected behaviour. A remote attacker could use an empty password to authenticate to servers that were believed to have password login...

CVSS 9.8 | AI score 7.4 | EPSS 0.61566
Exploits 0

ATTACKERKB
added 2017/08/15 4:29 p.m. | 3 views

CVE-2017-12852

The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack...

CVSS 7.5 | AI score 5.6 | EPSS 0.02681
Exploits 1 | References 3

OSV
added 2017/08/15 4:29 p.m. | 1 views

UBUNTU-CVE-2017-12852

The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack...

CVSS 7.5 | AI score 6.9 | EPSS 0.02681
Exploits 1 | References 3