A malicious user can create a vault that is actually empty
Lines of code Vulnerability details description A malicious user can call the createVault function to create a vault with an ERC20 token that returns false rather than revert on failed transfer. By specifying the tokenType parameter to be ERC721 the transferFrom function will be called rather tha...
golang: archive/zip: Reader.Open panics on empty string
A vulnerability was found in archive/zip of the Go standard library. Applications written in Go where Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can panic when parsing a crafted ZIP archive containing completely invalid names or an empty filename argument...
CVE-2022-28552
Cscms 4.1 is vulnerable to SQL Injection. Log into the background, open the song module, create a new song, delete it to the recycle bin, and SQL injection security problems will occur when emptying the recycle bin...
CVE-2021-34588
Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot...
CVE-2022-24882
A vulnerability was found in FreeRDP. The flaw occurs because the NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue exposes an improper authentication vulnerability...
podman: Default inheritable capabilities for linux container should be empty
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...
DEBIAN-CVE-2022-24882
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. Th...
UBUNTU-CVE-2022-24882
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. Th...
CVE-2022-24882 Server side NTLM does not properly check parameters in FreeRDP
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. Th...
FreeRDP security vulnerability
FreeRDP is an open source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. A security vulnerability exists in FreeRDP that stems from the fact that in versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not abort correctly when someone provides an empty...
PYSEC-2022-193
flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, the captcha.validate function would return None if passed no value (e.g. by submitting an empty form). If implementing users...
CVE-2021-45841
In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated attacker to log in as guest...
PT-2022-3902 · Freerdp +7 · Freerdp +7
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 2.7.0 Description: The issue is related to the implementation of the NTLM protocol in the FreeRDP RDP client, which is associated with shortcomings in the authentication procedure. This can allow a remote attacker to...
PT-2022-12430 · Terramaster · Terramaster F2-210 +2
Name of the Vulnerable Software and Affected Versions: Terramaster F4-210, F2-210 TOS versions 4.2.X 4.2.15-2107141517 Description: The issue allows an attacker to self-sign session cookies if they know the target's MAC address and the user's password hash. Additionally, guest users, which are...
GSD-2022-1001287 exec: Force single empty string when argv is empty
exec: Force single empty string when argv is empty This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...
golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty
A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity...
DEBIAN-CVE-2021-44503
An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. Using crafted input, an attacker can cause a call to va_arg on an empty variadic parameter list, most likely causing a memory segmentation fault...
FIS GT.M buffer error vulnerability
FIS GT.M is a database platform. A security vulnerability exists in FIS GT.M versions prior to V7.0-000, which can be exploited by an attacker to call va_arg on an empty variable argument list, resulting in a memory segmentation error...
The vulnerability of the libsndfile library for reading and writing audio files involves a numerical overflow with empty stack traces, allowing an attacker to execute arbitrary code in the target system.
The vulnerability of the libsndfile library for reading and writing audio files is related to a numerical overflow with empty stack traces. Exploiting this vulnerability could allow an attacker to execute arbitrary code on the target system...
golang.org/x/crypto: empty plaintext packet causes panic
There's an input validation flaw in golang.org/x/crypto's readCipherPacket function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service...