4652 matches found

BDU FSTEC
added 2019/12/26 12:0 a.m., 2 views

The vulnerability of the ext4_empty_dir function (fs/ext4/namei.c) in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the ext4_empty_dir function (fs/ext4/namei.c) in the Linux operating system is related to the assignment of a null pointer. Exploiting this vulnerability allows an attacker to cause a service failure...

5.5 CVSS, 6.7 AI score, 0.01886 EPSS
Exploits 1, References 19, Affected Software 2

OSV
added 2019/12/23 3:15 a.m., 1 views

BELL-CVE-2019-11049 CVE-2019-11049 does not affect BellSoft software

Bulletin has no description...

9.8 CVSS, 5.8 AI score, 0.04105 EPSS
Exploits 0, References 1

WPVulnDB
added 2019/12/23 12:0 a.m., 14 views

BuddyPress < 5.1.1 - Denial of Service

A denial of service was fixed that could allow a logged in user to remove another user’s avatar and also any empty folder...

3.6 AI score
Exploits 0, References 1, Affected Software 1

OSV
added 2019/12/20 5:15 p.m., 4 views

CVE-2019-19747

NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password provided that the active directo...

9.8 CVSS, 7.3 AI score, 0.01393 EPSS
Exploits 1, References 2

Prion
added 2019/12/20 5:15 p.m., 12 views

Authentication flaw

NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password provided that the active directo...

7.5 CVSS, 9.5 AI score, 0.01393 EPSS
Exploits 1, References 2, Affected Software 1

Cvelist
added 2019/12/20 4:41 p.m., 16 views

CVE-2019-19747

NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password provided that the active directo...

9.7 AI score, 0.01393 EPSS
Exploits 1, References 2

RedHat Linux
added 2019/12/19 5:37 p.m., 1 views

HTTP/2: flood using empty frames results in excessive resource consumption

A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...

7.8 CVSS, 7.1 AI score, 0.24822 EPSS
Exploits 0, References 6

OSV
added 2019/12/18 9:15 p.m., 3 views

CVE-2019-18994

Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load an empty .JPR application file. An attacker with access to the file system might be able to cause application malfunction such as denial of service...

6.5 CVSS, 6.6 AI score, 0.00605 EPSS
Exploits 0, References 1

IBM Security Bulletins
added 2019/12/17 2:40 p.m., 55 views

Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities

Summary: IBM Cloud Transformation Advisor has addressed the following vulnerabilities in Node.js: CVE-2019-9511, CVE-2019-9516, CVE-2019-9512, CVE-2019-9517, CVE-2019-9518, CVE-2019-9515, CVE-2019-9513, CVE-2019-9514. Vulnerability Details: CVEID: CVE-2019-9511. DESCRIPTION: Some HTTP/2 implementation...

7.8 CVSS, 0.3 AI score, 0.87806 EPSS
Exploits 1, Affected Software 1

Tenable Nessus
added 2019/12/16 12:0 a.m., 43 views

FreeBSD : dovecot -- NULL pointer deref in notify with empty headers (b7dc4dde-2e48-43f9-967a-c68461537cf2)

Aki Tuomi reports: Mail with group address as sender will cause a signal 11 crash in push notification drivers. Group address as recipient can cause crash in some drivers. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...

5.3 CVSS, 7.1 AI score, 0.02476 EPSS
Exploits 0, References 3

FreeBSD
added 2019/12/10 12:0 a.m., 34 views

dovecot -- null pointer deref in notify with empty headers

Aki Tuomi reports: Mail with group address as sender will cause a signal 11 crash in push notification drivers. Group address as recipient can cause crash in some drivers...

5.3 CVSS, 1.3 AI score, 0.02476 EPSS
Exploits 0, References 1

OSV
added 2019/11/30 11:15 p.m., 0 views

DEBIAN-CVE-2019-19269

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the...

4.9 CVSS, 6 AI score, 0.01645 EPSS
Exploits 0, References 1

OSV
added 2019/11/26 5:15 a.m., 1 views

DEBIAN-CVE-2011-4120

Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and obtain access to the...

9.8 CVSS, 8.6 AI score, 0.02019 EPSS
Exploits 0, References 1

BDU FSTEC
added 2019/11/25 12:0 a.m., 3 views

The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. This allows a malicious actor to download the updated embedded software with an empty file via FTP protocol, thereby causing a service failure.

The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. Exploiting this vulnerability allows a malicious actor to download the embedded software update with an empty file via FTP protocol, thereby causing service...

6.8 CVSS, 5.6 AI score, 0.00959 EPSS
Exploits 0, References 4

FreeBSD
added 2019/11/22 12:0 a.m., 15 views

gitea -- multiple vulnerabilities

The Gitea Team reports: Hide credentials when submitting migration; Never allow an empty password to validate; Prevent redirect to Host; Hide public repos owned by private orgs...

1.6 AI score
Exploits 0, References 1

OSV
added 2019/11/21 3:15 a.m., 1 views

DEBIAN-CVE-2019-19037

ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero...

5.5 CVSS, 6.6 AI score, 0.01886 EPSS
Exploits 1, References 1

OSV
added 2019/11/21 3:15 a.m., 0 views

UBUNTU-CVE-2019-19037

ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero...

5.5 CVSS, 7.1 AI score, 0.01886 EPSS
Exploits 1, References 4

CNVD
added 2019/11/21 12:0 a.m., 1 views

Linux kernel null pointer dereference vulnerability (CNVD-2019-42387)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A null pointer dereference vulnerability exists in ext4_empty_dir in fs/ext4/namei.c in Linux kernel 5.3.12 and earlier...

5.5 CVSS, 7.5 AI score, 0.01886 EPSS
Exploits 1, References 1

OSV
added 2019/11/18 6:15 a.m., 0 views

BELL-CVE-2019-19072 CVE-2019-19072 does not affect BellSoft software

Bulletin has no description...

4.4 CVSS, 7.2 AI score, 0.00405 EPSS
Exploits 0, References 1

BDU FSTEC
added 2019/11/18 12:0 a.m., 3 views

The vulnerability of the Ruby interpreter’s methods Dir.open, Dir.new, Dir.entries, and Dir.empty? allows attackers to gain unauthorized access to protected data or compromise the integrity of protected information.

The vulnerability of the Dir.open, Dir.new, Dir.entries, and Dir.empty? methods in the Ruby programming language exists due to incorrect path name restrictions for restricted-access directories. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected data or...

6.5 CVSS, 6.7 AI score, 0.10098 EPSS
Exploits 0, References 12, Affected Software 5