Vulnerability & Exploit Database

Fortinet FortiAnalyzer Obsolete Version Vulnerability

  • Severity: 10
  • Published: May 14, 2017

The detected version stream of Fortinet FortiAnalyzer has reached the End of Support (EOS) phase. Upgrade Path documents for FortiAnalyzer are available from the Fortinet Customer Service and Support Site in the same directory as the firmware images and Release Notes.

ISC BIND: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel (CVE-2017-3138) Vulnerability

  • Severity: 4
  • Published: May 14, 2017

named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE ass...

Fortinet FortiManager Obsolete Version Vulnerability

  • Severity: 10
  • Published: May 14, 2017

The detected version stream of Fortinet FortiManager has reached the End of Support (EOS) phase. Upgrade Path documents for FortiManager are available from the Fortinet Customer Service and Support Site in the same directory as the firmware images and Release Notes.

Debian: CVE-2017-7484: postgresql-9.4 -- security update Vulnerability

  • Severity: 4
  • Published: May 11, 2017

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some in...

PostgreSQL class A vulnerability in client: CVE-2017-7485 Vulnerability

  • Severity: 4
  • Published: May 11, 2017

In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing an SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between...

Debian: CVE-2017-7486: postgresql-9.4 -- security update Vulnerability

  • Severity: 4
  • Published: May 11, 2017

PostgreSQL versions 8.4 - 9.6 are vulnerable to an information leak in the pg_user_mappings view, which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.