CVE-2020-19888

DBHcms v1.2.0 has an unauthorized operation vulnerability because there's no access control at line 175 of dbhcms\page.php for empty cache operation. This vulnerability can be exploited to empty a table...

CVE-2020-19888

DBHcms v1.2.0 has an unauthorized operation vulnerability because there's no access control at line 175 of dbhcms\page.php for empty cache operation. This vulnerability can be exploited to empty a table...

Design/Logic Flaw

DBHcms v1.2.0 has an unauthorized operation vulnerability because there's no access control at line 175 of dbhcms\page.php for empty cache operation. This vulnerability can be exploited to empty a table...

CVE-2020-19888

DBHcms v1.2.0 has an unauthorized operation vulnerability because there's no access control at line 175 of dbhcms\page.php for empty cache operation. This vulnerability can be exploited to empty a table...

cascadia:fuzz: Crash with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=4853171179225088 Project: cascadia Fuzzing Engine: libFuzzer Fuzz Target: fuzz Job Type: libfuzzerasancascadia Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x0000033e782c Crash State: NULL Sanitizer: address ASAN Recommended Securit...

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.

...

An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user so triggering the bug does not grant any powers not already held.”

...

golang:fuzzer-gzip: Segv on unknown address with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=5709295661088768 Project: golang Fuzzing Engine: libFuzzer Fuzz Target: fuzzer-gzip Job Type: libfuzzerasangolang Platform Id: linux Crash Type: Segv on unknown address Crash Address: Crash State: NULL Sanitizer: address ASAN Crash Revision:...

golang-protobuf:wirefuzz: Crash with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=5641960472444928 Project: golang-protobuf Fuzzing Engine: libFuzzer Fuzz Target: wirefuzz Job Type: libfuzzerasangolang-protobuf Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x0000000014ba Crash State: NULL Sanitizer: address ASAN...

USN-4454-2 samba vulnerability

USN-4454-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Martin von Wittich and Wilko Meyer discovered that Samba incorrectly handled certain empty UDP packets when being used as a AD DC NBT...

USN-4454-1 samba vulnerability

Martin von Wittich and Wilko Meyer discovered that Samba incorrectly handled certain empty UDP packets when being used as a AD DC NBT server. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service...

SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2020:2143-1)

This update for java-11-openjdk fixes the following issues : Update to upstream tag jdk-11.0.8+10 July 2020 CPU, bsc1174157 - Security fixes : + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming +...

Denial Of Service (DoS)

Dovecot is vulnerable to denial of service DoS. A remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart...

libucl:ucl_add_string_fuzzer: Crash with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=6498000277602304 Project: libucl Fuzzing Engine: libFuzzer Fuzz Target: ucladdstringfuzzer Job Type: libfuzzerubsanlibucl Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x00000ec99ae8 Crash State: NULL Sanitizer: undefined UBSAN...

go-dns:fuzz_msg_unpack: Crash with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=5642061701971968 Project: go-dns Fuzzing Engine: libFuzzer Fuzz Target: fuzzmsgunpack Job Type: libfuzzerasango-dns Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x00000002d140 Crash State: NULL Sanitizer: address ASAN Recommended...

HTTP/2: flood using empty frames results in excessive resource consumption

A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...

HTTP/2: flood using empty frames results in excessive resource consumption

A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...

VulnCheck KEV: CVE-2018-20685

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side...

kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c

An out-of-bounds write flaw was found in the Linux kernel. An empty nodelist in mempolicy.c is mishandled durig mount option parsing leading to a stack-based out-of-bounds write. The highest threat from this vulnerability is to system availability...

ALPINE-CVE-2020-14303

A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash...