
4652 matches found

CVE
added 2020/05/18 2:2 p.m., 260 views

CVE-2020-10967

CVE-2020-10967 affects Dovecot before 2.3.10.1. The issue resides in the lmtp/submission path where handling an email with an empty localpart can crash the target, causing denial of service. Public advisories summarize this alongside other fixes for CVEs 10957/10958, with exploitation vector remo...

5.3 CVSS, 6.1 AI score, 0.08153 EPSS
Exploits: 3, References: 13, Affected Software: 1

AlpineLinux
added 2020/05/18 2:2 p.m., 33 views

CVE-2020-10967

In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart...

5.3 CVSS, 6.5 AI score, 0.08153 EPSS
Exploits: 3

UbuntuCve
added 2020/05/18 12:0 p.m., 27 views

CVE-2020-10967

In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart...

5.3 CVSS, 6.8 AI score, 0.08153 EPSS
Exploits: 3, References: 2

OSV
added 2020/05/18 12:0 p.m., 1 view

UBUNTU-CVE-2020-10967

In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart...

5.3 CVSS, 6.8 AI score, 0.08153 EPSS
Exploits: 3, References: 3

ossfuzz
added 2020/05/15 12:27 a.m., 13 views

unicorn:fuzz_emu_arm_thumb: Crash with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=5697486768832512 Project: unicorn Fuzzing Engine: libFuzzer Fuzz Target: fuzz_emu_arm_thumb Job Type: libfuzzer_msan_unicorn Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x7fee8001e23c Crash State: NULL Sanitizer: memory MSAN Recommended...

6.4 AI score
Exploits: 0, Affected Software: 1

OSV
added 2020/05/13 6:15 p.m., 2 views

DEBIAN-CVE-2020-12831

An issue was discovered in FRRouting FRR aka Free Range Routing through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some...

5.3 CVSS, 6.6 AI score, 0.01397 EPSS
Exploits: 1, References: 1

BDU FSTEC
added 2020/05/07 12:0 a.m., 2 views

The vulnerability of the “credentialhelper” component in the distributed Git version control system, related to insufficient protection of registration data, allows a malicious actor to access confidential information.

The vulnerability of the “credentialhelper” component in the distributed Git version control system is related to insufficient protection of registration data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to protected information through ...

5.3 CVSS, 7.4 AI score, 0.03899 EPSS
Exploits: 0, References: 22, Affected Software: 8

BDU FSTEC
added 2020/05/07 12:0 a.m., 1 view

The vulnerability of the “credentialhelper” component in the distributed Git version control system allows a hacker to gain unauthorized access to protected information.

The vulnerability of the “credentialhelper” component in the distributed Git version control system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to protected information using a special...

5 CVSS, 7 AI score, 0.10047 EPSS
Exploits: 2, References: 24, Affected Software: 8

RedHat Linux
added 2020/04/30 11:18 a.m., 2 views

git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak

A flaw was found in git where credentials can be leaked through the use of a crafted URL. The crafted URL must contain a newline, empty host, or lack a scheme so that the credential helper is fooled into giving the information of a different host to the client. The highest threat from this...

7.5 CVSS, 5.7 AI score, 0.03899 EPSS
Exploits: 0, References: 6

RedHat Linux
added 2020/04/30 10:29 a.m., 2 views

git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak

A flaw was found in git where credentials can be leaked through the use of a crafted URL. The crafted URL must contain a newline, empty host, or lack a scheme so that the credential helper is fooled into giving the information of a different host to the client. The highest threat from this...

7.5 CVSS, 5.7 AI score, 0.03899 EPSS
Exploits: 0, References: 6

RedHat Linux
added 2020/04/30 10:0 a.m., 2 views

git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak

A flaw was found in git where credentials can be leaked through the use of a crafted URL. The crafted URL must contain a newline, empty host, or lack a scheme so that the credential helper is fooled into giving the information of a different host to the client. The highest threat from this...

7.5 CVSS, 5.7 AI score, 0.03899 EPSS
Exploits: 0, References: 6

RedHat Linux
added 2020/04/29 8:9 p.m., 2 views

git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak

A flaw was found in git where credentials can be leaked through the use of a crafted URL. The crafted URL must contain a newline, empty host, or lack a scheme so that the credential helper is fooled into giving the information of a different host to the client. The highest threat from this...

7.5 CVSS, 5.7 AI score, 0.03899 EPSS
Exploits: 0, References: 6

Hacker One
added 2020/04/24 9:0 p.m., 126 views

Open-Xchange: Recursor accepts unsigned, empty NXDOMAINs in secure zones

Hi! This is a slightly edited version of the email I sent to the project's security contacts on 2020-04-21. Open-Xchange confirmed it and asked me to resubmit it here. --- Subject: Recursor may be accepting unsigned, empty NXDOMAINs in secure zones I can easily reproduce this against Cloudflare's...

5 CVSS, 0.3 AI score, 0.02434 EPSS
Exploits: 0

Mageia
added 2020/04/24 5:3 p.m., 53 views

Updated git packages fix security vulnerability

Updated git packages fix security vulnerability: Malicious URLs can still cause Git to send a stored credential to the wrong server (CVE-2020-111008). With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential...

7.5 CVSS, 1.4 AI score, 0.03899 EPSS
Exploits: 0, References: 3

RedHat Linux
added 2020/04/22 9:36 a.m., 5 views

OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3 CVSS, 7.3 AI score, 0.03917 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2020/04/22 9:18 a.m., 3 views

OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3 CVSS, 7.3 AI score, 0.03917 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2020/04/22 9:16 a.m., 2 views

OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3 CVSS, 7.3 AI score, 0.03917 EPSS
Exploits: 0, References: 4

CNVD
added 2020/04/22 12:0 a.m., 1 view

Evenroute IQrouter has an unspecified vulnerability (CNVD-2020-25367)

Evenroute IQrouter is a smart router from Evenroute USA. A security vulnerability exists in Evenroute IQrouter 3.3.1 and earlier versions, which stems from an empty password for the root account. The vulnerability can be exploited by an attacker to gain full remote access with the help of the...

9.8 CVSS, 7.3 AI score, 0.02017 EPSS
Exploits: 0, References: 1

RedHat Linux
added 2020/04/21 4:34 p.m., 2 views

OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3 CVSS, 7.3 AI score, 0.03917 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2020/04/21 11:39 a.m., 3 views

OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3 CVSS, 7.3 AI score, 0.03917 EPSS
Exploits: 0, References: 4