4652 matches found

RedHat Linux
added 2020/03/05 12:53 p.m., 0 views

HTTP/2: flood using empty frames results in excessive resource consumption

A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...

CVSS 7.8, AI score 7.1, EPSS 0.24822
Exploits 0, References 6

ossfuzz
added 2020/02/27 10:30 p.m., 15 views

dav1d:dav1d_fuzzer: Null-dereference READ with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=5687738131283968 Project: dav1d Fuzzing Engine: libFuzzer Fuzz Target: dav1d_fuzzer Job Type: libfuzzer_asan_i386_dav1d Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x00000000 Crash State: NULL Sanitizer: address (ASAN) Crash...

AI score 6.8
Exploits 0, Affected Software 1

ossfuzz
added 2020/02/27 8:17 p.m., 13 views

golang-protobuf:wirefuzz: Crash with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=5652073511387136 Project: golang-protobuf Fuzzing Engine: libFuzzer Fuzz Target: wirefuzz Job Type: libfuzzer_asan_golang-protobuf Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x0000059044a4 Crash State: NULL Sanitizer: address (ASAN)...

AI score 6.8
Exploits 0, Affected Software 1

BDU FSTEC
added 2020/02/27 12:0 a.m., 1 views

The vulnerability of the flv_write_packet function in the FFmpeg multimedia library, which stems from the lack of checks for empty audio packets, allows attackers to trigger a service failure.

The vulnerability of the flv_write_packet function in the FFmpeg multimedia library lies in the lack of checks to ensure that no empty audio packets are present. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

CVSS 7.8, AI score 6.8, EPSS 0.03266
Exploits 0, References 6, Affected Software 4

ossfuzz
added 2020/02/24 8:33 a.m., 24 views

skia:api_skdescriptor: Crash with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=5755812456955904 Project: skia Fuzzing Engine: libFuzzer Fuzz Target: api_skdescriptor Job Type: libfuzzer_msan_skia Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000004050020 Crash State: NULL Sanitizer: memory (MSAN) Recommended...

AI score 6.8
Exploits 0, Affected Software 1

Zero Day Initiative
added 2020/02/24 12:0 a.m., 46 views

D-Link Multiple Routers HNAP strncmp Incorrect Comparison Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue...

CVSS 8.8, AI score 2.8, EPSS 0.80221
Exploits 0, References 1

ossfuzz
added 2020/01/29 6:4 a.m., 11 views

wasmtime:api_calls: Crash with empty stacktrace

Project: https://github.com/bytecodealliance/wasmtime.git Detailed Report: https://oss-fuzz.com/testcase?key=5069880397398016 Project: wasmtime Fuzzing Engine: libFuzzer Fuzz Target: api_calls Job Type: libfuzzer_asan_wasmtime Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address: 0x7f52f0071d5...

AI score 6.8
Exploits 0, Affected Software 1

NVD
added 2020/01/23 5:15 p.m., 31 views

CVE-2019-5593

Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plain text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded...

CVSS 5.5, AI score 5.5, EPSS 0.00189
Exploits 0, References 1

OpenVAS
added 2020/01/23 12:0 a.m., 26 views

Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2018-1371)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8, AI score 6.6, EPSS 0.01085
Exploits 4, References 2

OpenVAS
added 2020/01/23 12:0 a.m., 24 views

Huawei EulerOS: Security Advisory for postgresql (EulerOS-SA-2017-1232)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8, AI score 9, EPSS 0.61566
Exploits 0, References 2

OSV
added 2020/01/22 10:15 p.m., 2 views

DEBIAN-CVE-2019-20393

A double-free is present in libyang before v1.0-r1 in the function yyparse when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution...

CVSS 8.8, AI score 8, EPSS 0.0279
Exploits 1, References 1

OSV
added 2020/01/22 10:15 p.m., 1 views

UBUNTU-CVE-2019-20393

A double-free is present in libyang before v1.0-r1 in the function yyparse when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution...

CVSS 8.8, AI score 7.3, EPSS 0.0279
Exploits 1, References 6

OpenVAS
added 2020/01/22 12:0 a.m., 6 views

Linux: Empty links

Links point to another file or directory. This script checks if any empty link exists on the host. Note: This script dramatically increases the scan duration. Note: Exclude directories /proc, /run, /dev, /sys, /media, /tmp and /var...

AI score 7.2
Exploits 0, References 1

OpenVAS
added 2020/01/14 12:0 a.m., 3 views

Linux: SSH PermitEmptyPasswords

The PermitEmptyPasswords parameter specifies if the SSH server allows login to accounts with empty password strings. Disallowing remote shell access to accounts that have an empty password reduces the probability of unauthorized access to the system...

AI score 7.6
Exploits 0, References 4

Tenable Nessus
added 2020/01/10 12:0 a.m., 70 views

SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:0059-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)

This update for nodejs12 fixes the following issues: Update to LTS release 12.13.0 (jsc#SLE-8947). Security issues fixed: CVE-2019-9511: Fixed the HTTP/2 implementation that was vulnerable to window size manipulations (bsc#1146091). CVE-2019-9512: Fixed the HTTP/2 implementation that was vulnerable t...

CVSS 7.8, AI score 7.4, EPSS 0.87806
Exploits 1, References 29

OSV
added 2020/01/09 11:15 p.m., 1 views

CVE-2019-20373

LTSP LDM through 2.18.06 allows fat-client root access because the LDM_USERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script...

CVSS 7.8, AI score 7.1
Exploits 0, References 3

OSV
added 2020/01/09 11:15 p.m., 1 views

UBUNTU-CVE-2019-20373

LTSP LDM through 2.18.06 allows fat-client root access because the LDM_USERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script...

CVSS 7.8, AI score 7.1, EPSS 0.00427
Exploits 0, References 5

IBM Security Bulletins
added 2020/01/08 6:55 p.m., 60 views

Security Bulletin: A security vulnerability has been identified in nginx shipped with PowerAI Vision

Summary: Multiple vulnerabilities (CVE-2019-9516, CVE-2019-9515, CVE-2019-9517, CVE-2019-9518, CVE-2019-9511, CVE-2019-9513) in nginx. Vulnerability Details: CVEID: CVE-2019-9516 DESCRIPTION: Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The...

CVSS 7.8, AI score 0.2, EPSS 0.87806
Exploits 0, Affected Software 1

NVD
added 2020/01/07 5:15 p.m., 14 views

CVE-2013-5657

AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request...

CVSS 7.5, AI score 7.6, EPSS 0.06848
Exploits 2, References 3

ATTACKERKB
added 2020/01/07 5:15 p.m., 1 views

CVE-2013-5657

AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request...

CVSS 7.5, AI score 5.5, EPSS 0.06848
Exploits 2, References 4