SUSE CVE-2018-7548

In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using $PA... on an empty array result...

SUSE CVE-2018-11356

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record...

SUSE CVE-2018-12550

When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty...

SUSE CVE-2018-12551

When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent...

SUSE CVE-2018-12910

The getcookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname...

SUSE CVE-2018-14612

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfsrootnode when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfsreadblockgroups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks i...

SUSE CVE-2018-15822

The flvwritepacket function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure...

SUSE CVE-2018-17175

In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the...

SUSE CVE-2018-19935

ext/imap/phpimap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty string in the message argument to the imapmail function...

SUSE CVE-2018-20685

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side...

SUSE CVE-2018-1000204

Linux Kernel version 3.18 to 4.16 incorrectly handles an SGIO ioctl on /dev/sg0 with dxferdirection=SGDXFERFROMDEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in...

SUSE CVE-2019-3814

It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users...

SUSE CVE-2019-3860

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...

SUSE CVE-2019-9518

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSHPROMISE. The peer spends ti...

SUSE CVE-2019-10856

In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255...

SUSE CVE-2019-11729

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

SUSE CVE-2019-11738

If a Content Security Policy CSP directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox 6...

SUSE CVE-2019-19037

ext4emptydir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4readdirblockinode,0,DIRENTHTREE can be zero...

SUSE CVE-2019-19269

An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL skX509REVOKEDvalue function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the...

SUSE CVE-2019-20393

A double-free is present in libyang before v1.0-r1 in the function yyparse when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution...