4717 matches found
PT-2024-27149 · Oneflow · Oneflow
Name of the Vulnerable Software and Affected Versions: Oneflow version 0.9.1 Description: An issue in OneFlow-Inc. Oneflow allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.dot. Recommendations: For version 0.9.1, consider avoiding the use of...
Microsoft Artifact Registry Container Images Empty Password Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft Artifact Registry Container images. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default credentials set within the image. The issue...
PT-2024-27141 · Oneflow · Oneflow
Name of the Vulnerable Software and Affected Versions: Oneflow version 0.9.1 Description: The issue allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.tensordot. Recommendations: For version 0.9.1, consider avoiding the use of oneflow.tensordot with...
PT-2024-19340 · Ibm · Ibm System Storage Ds8900F
Name of the Vulnerable Software and Affected Versions: IBM System Storage DS8900F versions 89.22.19.0 through 89.40.93.0 Description: The issue allows a remote user to create an LDAP connection with a valid username and an empty password, potentially establishing an anonymous connection...
BELL-CVE-2024-36884
Bulletin has no description...
[SECURITY] Fedora 39 Update: rust-uu_rmdir-0.0.23-3.fc39
rmdir uutils remove empty DIRECTORY...
SUSE CVE-2024-36891
In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix mas_empty_area_rev() null pointer dereference. Currently the code calls mas_start() followed by mas_data_end() if the maple state is MA_START, but mas_start() may return with the maple state node == NULL. This will lead to a null...
zstd: mysql: buffer overrun in util.c
A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun...
DEBIAN-CVE-2024-36891
In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix mas_empty_area_rev() null pointer dereference. Currently the code calls mas_start() followed by mas_data_end() if the maple state is MA_START, but mas_start() may return with the maple state node == NULL. This will lead to a null...
UBUNTU-CVE-2024-36891
In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix mas_empty_area_rev() null pointer dereference. Currently the code calls mas_start() followed by mas_data_end() if the maple state is MA_START, but mas_start() may return with the maple state node == NULL. This will lead to a null...
PT-2024-40463 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: The issue arises when creating new backend user accounts in the TYPO3 backend, potentially leading to database records with insecure or empty credentials being persisted. This occurs when the...
SUSE CVE-2023-52811
In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool. In practice the driver should never send more commands than are allocated to a queue's event pool. In the unlikely event that this happens, the code asserts a BUG_ON, a...
PT-2024-34664 · WordPress · Login With Phone Number
Name of the Vulnerable Software and Affected Versions: Login with phone number plugin for WordPress versions up to 1.7.26 Description: The issue is related to authentication bypass due to the activation code default value being empty and a missing not-empty check in the lwp_ajax_register function...
Authentication Bypass
SilverStripe is vulnerable to Authentication Bypass. The vulnerability is caused by providing an empty token parameter with secure token parameters like isDev or flush, allowing bypass of normal authentication mechanisms...
Fedora: Security Advisory for rust-uu_rmdir (FEDORA-2024-ce2936b568)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: rust-uu_rmdir-0.0.23-3.fc40
rmdir uutils remove empty DIRECTORY...
idm:DL1 security update
bind-dyndb-ldap 11.6-4 - Modify empty zone conflicts under exclusive mode Resolves: rhbz2126877 11.6-3 - Rebuild against bind 9.11.36 - Resolves: rhbz2022762 11.6-2 - Rebuild against bind 9.11.26 - Resolves: rhbz1904612 11.6-1 - New upstream release - Resolves: rhbz1891735 11.3-1 - New upstream...
SUSE CVE-2023-52700
In the Linux kernel, the following vulnerability has been resolved: tipc: fix kernel warning when sending SYN message When sending a SYN message, this kernel stack trace is observed: ... 13.396352 RIP: 0010:copyfromiter+0xb4/0x550 ... 13.398494 Call Trace: 13.398630 13.398630 ? allocskb+0xed/0x1a...
SUSE CVE-2023-52767
In the Linux kernel, the following vulnerability has been resolved: tls: fix NULL deref on tls_sw_splice_eof() with empty record. syzkaller discovered that if tls_sw_splice_eof() is executed as part of sendfile() when the plaintext/ciphertext sk_msg are empty, the send path gets confused because the empty...
PT-2024-40284 · Silverstripe · Silverstripe
Name of the Vulnerable Software and Affected Versions: SilverStripe affected versions not specified Description: The issue allows bypassing normal authentication parameters by providing an empty token parameter to a SilverStripe site when a secure token parameter is given, such as isDev or flush...