Debian DLA-1051-1 : postgresql-9.1 security update

Several vulnerabilities have been found in the PostgreSQL database system : CVE-2017-7486 Andrew Wheelwright discovered that user mappings were insufficiently restricted. CVE-2017-7546 In some authentication methods empty passwords were accepted. CVE-2017-7547 User mappings could leak data to...

CVE-2017-7546

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password...

KLA11091 Multiple vulnerabilities in PostgreSQL

Multiple serious vulnerabilities have been found in PostgreSQL. Malicious users can exploit these vulnerabilities to bypass security restrictions and obtain sensitive information. Below is a complete list of vulnerabilities: 1. An improper handling of empty passwords in libpq can be exploited...

PostgreSQL vulnerabilities

The PostgreSQL project reports: CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pgusermappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: loput function ignores ACLs...

Vulnerability in core server (CVE-2017-7546)

empty password accepted in some authentication methods...

UBUNTU-CVE-2017-7546

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password...

Fedora 26 : php-symfony (2017-4fcbd8a4c3)

2.8.25 2017-07-17 - security 23507 Security validate empty passwords again xabbuh - bug 23526 HttpFoundation Set meta refresh time to 0 in RedirectResponse content jnvsor - bug 23540 Disable inlining deprecated services alekitto - bug 23468 DI Handle root namespace in service definitions ro0NL -...

collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions

collectd contains an infinite loop due to how the parsepacket and parsepartsignsha256 functions interact. If an instance of collectd is configured with "SecurityLevel None" and empty "AuthFile" options, an attacker can send crafted UDP packets that trigger the infinite loop, causing a denial of...

Sessions Hijacking

Moodle is vulnerable to session hijacking attacks. The attack is possible because the application permits the use of empty session IDs, allowing association of an empty ID with more than one instance. This can allow a malicious user to take over another user's session...

CVE-2017-11365: Empty passwords validation issue

More info at https://symfony.com/cve-2017-11365...

CVE-2017-11365: Empty passwords validation issue

More info at https://symfony.com/cve-2017-11365...

Red Hat Satellite MongoDB Authorization Issues Vulnerability

Red Hat Satellite is a set of system management platforms from Red Hat, Inc. that can be used to extend the Linux infrastructure and provide system management functions such as administration, configuration, and monitoring.MongoDB is a set of database software developed by one of the U.S.-based...

Null pointer dereference

The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty field that should have contained a hostname or IP address...

UBUNTU-CVE-2017-7458

The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty field that should have contained a hostname or IP address...

CVE-2017-7458

Removed by vendor...

USN-3336-1 nss vulnerability

It was discovered that NSS incorrectly handled certain empty SSLv2 messages. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service...

nss: Null pointer dereference when handling empty SSLv2 messages

A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library...

Foscam camera FTP Server Account Empty Password Vulnerability

Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly through WIFI. Foscam camera FTP server has an account empty password vulnerability, due to the user account of the built-in FTP server is empty password. Attackers can then access the...

Foscam camera FTP server account hard-coded password vulnerability

Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly through WIFI. Foscam camera FTP server account has a hard-coded password vulnerability due to the built-in FTP user password being hard-coded and empty. An attacker can exploit the...

Authentication flaw

MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service...