4722 matches found
CVE-2022-26117
An empty password in configuration file vulnerability CWE-258 in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI...
Medium: python
Issue Overview: CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.setnpnprotocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used see CVE-2024-5535 for OpenSSL. This vulnerability is of low severity due ...
Medium: python3
Issue Overview: CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.setnpnprotocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used see CVE-2024-5535 for OpenSSL. This vulnerability is of low severity due ...
Security update for runc
This update for runc fixes the following issues: Update to runc v1.1.14. Upstream changelog is available from . CVE-2024-45310: Fixed that runc can be tricked into creating empty files/directories on host bsc1230092 Update to runc v1.1.13. Upstream changelog is available from . Fixed a performanc...
GHSA-8655-XGH5-5VVQ fast-fault has a segmentation fault due to lack of bound check
In this case, the "fastfloat::common::AsciiStr::first" method within the "AsciiStr" struct uses the unsafe keyword to reading from memory without performing bounds checking. Specifically, it directly dereferences a pointer offset by "self.ptr". Because of the above reason, the method accesses...
GHSA-JQCP-XC3V-F446 fast-float2 has a segmentation fault due to lack of bound check
In this case, the "fastfloat2::common::AsciiStr::first" method within the "AsciiStr" struct uses the unsafe keyword to reading from memory without performing bounds checking. Specifically, it directly dereferences a pointer offset by "self.ptr". Because of the above reason, the method accesses...
fast-float2 has a segmentation fault due to lack of bound check
In this case, the "fastfloat2::common::AsciiStr::first" method within the "AsciiStr" struct uses the unsafe keyword to reading from memory without performing bounds checking. Specifically, it directly dereferences a pointer offset by "self.ptr". Because of the above reason, the method accesses...
PT-2025-5633 · Unknown · Fast-Float
Name of the Vulnerable Software and Affected Versions: fast-float affected versions not specified Description: The issue arises from the fast float::common::AsciiStr::first method within the AsciiStr struct, which uses the unsafe keyword to read from memory without performing bounds checking. It...
PT-2025-5638 · Crates.Io · Fast-Float2
Name of the Vulnerable Software and Affected Versions: No specific software or version is mentioned. Description: The issue arises from the fast float2::common::AsciiStr::first method within the AsciiStr struct, which uses the unsafe keyword to read from memory without performing bounds checking...
When using an Oracle DB, application properties can't be set to empty
h3. Issue Summary The jira.security.csp.sandbox.included.content.disposition application property accepts: Empty value "attachment" "inline" "attachment;inline" or "inline;attachment" If Jira is installed using an Oracle database, the empty value is never set. This happens because Oracle treats...
WordPress Empty Tags Remover Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Empty Tags Remover versions = 1.0...
BIT-PYTHON-MIN-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter
An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...
BELL-CVE-2024-56766
Bulletin has no description...
Segmentation fault due to lack of bound check
In this case, the "fastfloat2::common::AsciiStr::first" method within the "AsciiStr" struct uses the unsafe keyword to reading from memory without performing bounds checking. Specifically, it directly dereferences a pointer offset by "self.ptr". Because of the above reason, the method accesses...
Segmentation fault due to lack of bound check
In this case, the "fastfloat::common::AsciiStr::first" method within the "AsciiStr" struct uses the unsafe keyword to reading from memory without performing bounds checking. Specifically, it directly dereferences a pointer offset by "self.ptr". Because of the above reason, the method accesses...
PT-2025-5673 · Crates.Io · Fast-Float2
Name of the Vulnerable Software and Affected Versions: No specific software or version is mentioned, so the information cannot be determined. Description: The issue arises from the fast float2::common::AsciiStr::first method within the AsciiStr struct, which uses the unsafe keyword to read from...
CLSA-2025-1736503350 haproxy: Fix of CVE-2023-40225
CVE-2023-40225: Fix forward empty Content-Length headers issue...
runc can be confused to create empty files/directories on the host
...
PT-2025-36318
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the 8250 serial driver. When the PSLVERR RESP EN parameter is set to 1, the device can generate an error response when attempting to read an...
PT-2025-54210
Name of the Vulnerable Software and Affected Versions GNU Recutils versions prior to 1.9 Description A flaw exists in the encryption and decryption processes of GNU Recutils that can lead to a Denial of Service DoS. This occurs when an empty value is provided as a password. Recommendations Update...