4652 matches found
UBUNTU-CVE-2020-36254
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685...
CVE-2020-36254
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685...
Perth Dropbear Security Vulnerability
Perth Dropbear is a lightweight SSH server/client software from the University of Perth, Australia that is primarily used in embedded devices. A security vulnerability exists in Dropbear before 2020.79 that stems from incorrectly processed filenames, or empty filenames...
PT-2021-11987 · Dropbear +1 · Dropbear +1
Name of the Vulnerable Software and Affected Versions: Dropbear versions prior to 2020.79 Description: The issue is related to the handling of filenames in scp.c, specifically with . or an empty filename. This is a related issue to a previously known problem. Recommendations: For versions prior t...
Veeam Service Provider Console Plugin for ConnectWise Automate opens empty configuration in ConnectWise Automate Control Center
Challenge After successfully installing the Veeam Service Provider Console Plugin for ConnectWise Automate, the Integration tab for Veeam Service Provider Console displays no data. Cause Lack of permissions for account used to log in to ConnectWise Automate and coexistence of 2 plugins: Veeam...
SUSE SLES12 Security Update : krb5-appl (SUSE-SU-2021:0527-1)
This update for krb5-appl fixes the following issues : CVE-2019-25017: Check the filenames sent by the server match those requested by the client bsc1131109. CVE-2019-25018: Disallow empty incoming filename or ones that refer to the current directory bsc1131109. Note that Tenable Network Security...
Code injection
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects th...
CVE-2021-26720
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects th...
CVE-2021-26720
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects th...
EulerOS 2.0 SP9 : bind (EulerOS-SA-2021-1261)
According to the version of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In ISC BIND9 versions BIND 9.11.14 - 9.11.19, BIND 9.14.9 - 9.14.12, BIND 9.16.0 - 9.16.3, BIND Supported Preview Edition 9.11.14-S1 - 9.11.19-S1:...
OPENSUSE-SU-2021:0231-1 Security update for segv_handler
This update for segvhandler fixes the following issues: - Replace by empty package with README explaining the removal for security reasons boo1180665. This update was imported from the openSUSE:Leap:15.2:Update update project...
A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate.
...
Docker Image haproxy Access Control Error Vulnerability
Docker is an open source application container engine from the American company Docker. It supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment and upgrade of applications through...
CVE-2020-27780
A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate...
ALPINE-CVE-2020-27780
A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate...
CVE-2020-27780
A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate...
Design/Logic Flaw
A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate...
CVE-2020-27780
A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate...
CVE-2020-27780
A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate...
Docker Image haproxy 访问控制错误漏洞
Docker is an open source application container engine from the American company Docker. It supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment and upgrade of applications through...