Lucene search

4656 matches found

Ubuntu
added 2017/08/15 4:56 p.m. · 69 views

USN-3390-1: PostgreSQL vulnerabilities

Ben de Graaff, Jelte Fennema, and Jeroen van der Ham discovered that PostgreSQL allowed the use of empty passwords in some authentication methods, contrary to expected behaviour. A remote attacker could use an empty password to authenticate to servers that were believed to have password login...

CVSS 9.8 · AI score 7.4 · EPSS 0.61566
Exploits: 0

OSV
added 2017/08/15 4:56 p.m. · 1 view

USN-3390-1 postgresql-9.3, postgresql-9.5, postgresql-9.6 vulnerabilities

Ben de Graaff, Jelte Fennema, and Jeroen van der Ham discovered that PostgreSQL allowed the use of empty passwords in some authentication methods, contrary to expected behaviour. A remote attacker could use an empty password to authenticate to servers that were believed to have password login...

CVSS 9.8 · AI score 6.8 · EPSS 0.61566
Exploits: 0 · References: 4

ATTACKERKB
added 2017/08/15 4:29 p.m. · 3 views

CVE-2017-12852

The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack...

CVSS 7.5 · AI score 5.6 · EPSS 0.02681
Exploits: 1 · References: 3

OSV
added 2017/08/15 4:29 p.m. · 1 view

UBUNTU-CVE-2017-12852

The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack...

CVSS 7.5 · AI score 6.9 · EPSS 0.02681
Exploits: 1 · References: 3

Positive Technologies
added 2017/08/15 12:00 a.m. · 66 views

PT-2017-12727 · Numpy +2

Name of the Vulnerable Software and Affected Versions: Numpy versions 1.13.1 and earlier. Description: The issue is related to missing input validation in the numpy.pad function. This can cause an infinite loop when an empty list or ndarray is used, potentially allowing attackers to conduct a Deni...

CVSS 9.8 · AI score 7.5 · EPSS 0.17078
Exploits: 6 · References: 34

Tenable Nessus
added 2017/08/11 12:00 a.m. · 57 views

Debian DLA-1051-1 : postgresql-9.1 security update

Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7486: Andrew Wheelwright discovered that user mappings were insufficiently restricted. CVE-2017-7546: In some authentication methods empty passwords were accepted. CVE-2017-7547: User mappings could leak data to...

CVSS 9.8 · AI score 7.2 · EPSS 0.61566
Exploits: 0 · References: 5

Kaspersky
added 2017/08/10 12:00 a.m. · 50 views

KLA11091 Multiple vulnerabilities in PostgreSQL

Multiple serious vulnerabilities have been found in PostgreSQL. Malicious users can exploit these vulnerabilities to bypass security restrictions and obtain sensitive information. Below is a complete list of vulnerabilities: 1. An improper handling of empty passwords in libpq can be exploited...

CVSS 9.8 · AI score 10 · EPSS 0.61566
Exploits: 0 · References: 4

UbuntuCve
added 2017/08/10 12:00 a.m. · 59 views

CVE-2017-7546

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password...

CVSS 9.8 · AI score 6.9 · EPSS 0.61566
Exploits: 0 · References: 3

FreeBSD
added 2017/08/10 12:00 a.m. · 42 views

PostgreSQL vulnerabilities

The PostgreSQL project reports: CVE-2017-7546: Empty password accepted in some authentication methods; CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges; CVE-2017-7548: lo_put function ignores ACLs...

CVSS 9.8 · AI score 4.1 · EPSS 0.61566
Exploits: 0

OSV
added 2017/08/10 12:00 a.m. · 3 views

UBUNTU-CVE-2017-7546

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password...

CVSS 9.8 · AI score 6.9 · EPSS 0.61566
Exploits: 0 · References: 4

PostgreSQL
added 2017/08/10 12:00 a.m. · 625 views

Vulnerability in core server (CVE-2017-7546)

Empty password accepted in some authentication methods...

CVSS 9.8 · AI score 8.8 · EPSS 0.61566
Exploits: 0 · References: 1 · Affected Software: 1

Tenable Nessus
added 2017/07/28 12:00 a.m. · 14 views

Fedora 26 : php-symfony (2017-4fcbd8a4c3)

2.8.25 2017-07-17 - security 23507 Security validate empty passwords again xabbuh - bug 23526 HttpFoundation Set meta refresh time to 0 in RedirectResponse content jnvsor - bug 23540 Disable inlining deprecated services alekitto - bug 23468 DI Handle root namespace in service definitions ro0NL -...

AI score 5.5
Exploits: 0 · References: 1

RedHat Linux
added 2017/07/19 10:42 p.m. · 3 views

collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions

collectd contains an infinite loop due to how the parse_packet() and parse_part_sign_sha256() functions interact. If an instance of collectd is configured with "SecurityLevel None" and empty "AuthFile" options, an attacker can send crafted UDP packets that trigger the infinite loop, causing a denial of...

CVSS 7.5 · AI score 5.8 · EPSS 0.03997
Exploits: 0 · References: 4

Veracode
added 2017/07/18 8:26 a.m. · 13 views

Sessions Hijacking

Moodle is vulnerable to session hijacking attacks. The attack is possible because the application permits the use of empty session IDs, allowing association of an empty ID with more than one instance. This can allow a malicious user to take over another user's session...

CVSS 6 · AI score 6.1 · EPSS 0.01165
Exploits: 0 · References: 4 · Affected Software: 1

Friends Of PHP
added 2017/07/17 10:54 a.m. · 20 views

CVE-2017-11365: Empty passwords validation issue

More info at https://symfony.com/cve-2017-11365...

CVSS 9.8 · AI score 7.2 · EPSS 0.01855
Exploits: 0 · Affected Software: 1

Friends Of PHP
added 2017/07/17 10:54 a.m. · 20 views

CVE-2017-11365: Empty passwords validation issue

More info at https://symfony.com/cve-2017-11365...

CVSS 9.8 · AI score 7.2 · EPSS 0.01855
Exploits: 0 · Affected Software: 1

CNVD
added 2017/07/07 12:00 a.m. · 4 views

Red Hat Satellite MongoDB Authorization Issues Vulnerability

Red Hat Satellite is a set of system management platforms from Red Hat, Inc. that can be used to extend the Linux infrastructure and provide system management functions such as administration, configuration, and monitoring. MongoDB is a set of database software developed by one of the U.S.-based...

CVSS 5.5 · AI score 5.3 · EPSS 0.00277
Exploits: 0 · References: 1

Prion
added 2017/06/26 11:29 p.m. · 14 views

Null pointer dereference

The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty field that should have contained a hostname or IP address...

CVSS 5 · AI score 7.4 · EPSS 0.01906
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2017/06/26 11:29 p.m. · 1 view

UBUNTU-CVE-2017-7458

The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty field that should have contained a hostname or IP address...

CVSS 7.5 · AI score 7.2 · EPSS 0.01906
Exploits: 0 · References: 4

Debian CVE
added 2017/06/26 11:00 p.m. · 11 views

CVE-2017-7458

Removed by vendor...

CVSS 7.5 · AI score 7.1 · EPSS 0.01906
Exploits: 0