4652 matches found

OSV
added 2019/03/27 6:29 p.m. · 3 views

DEBIAN-CVE-2018-12551

When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent...

CVSS 8.1 · AI score 7.2 · EPSS 0.01475
Exploits: 1 · References: 1

OSV
added 2019/03/27 6:29 p.m. · 1 view

DEBIAN-CVE-2018-12550

When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty...

CVSS 8.1 · AI score 7.6 · EPSS 0.01353
Exploits: 0 · References: 1

OSV
added 2019/03/27 6:29 p.m. · 1 view

ALPINE-CVE-2018-12551

When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent...

CVSS 8.1 · AI score 7.2 · EPSS 0.01475
Exploits: 1 · References: 1

OSV
added 2019/03/27 1:29 p.m. · 1 view

DEBIAN-CVE-2019-3814

It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users...

CVSS 6.8 · AI score 7.1 · EPSS 0.02462
Exploits: 1 · References: 1

OSV
added 2019/03/27 1:29 p.m. · 1 view

ALPINE-CVE-2019-3814

It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users...

CVSS 6.8 · AI score 7.1 · EPSS 0.02462
Exploits: 1 · References: 1

Positive Technologies
added 2019/03/27 12:0 a.m. · 3 views

PT-2019-5775 · Influxdata +3 · Influxdb +3

Name of the Vulnerable Software and Affected Versions: InfluxDB versions prior to 1.7.6 Description: The issue is related to an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go due to a JWT token having an empty SharedSecret. This allows a remote...

CVSS 9.8 · AI score 7 · EPSS 0.4478
Exploits: 10 · References: 62

OSV
added 2019/03/25 7:29 p.m. · 2 views

ALPINE-CVE-2019-3860

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...

CVSS 9.1 · AI score 7 · EPSS 0.05118
Exploits: 0 · References: 1

OSV
added 2019/03/25 7:29 p.m. · 0 views

DEBIAN-CVE-2019-3860

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...

CVSS 9.1 · AI score 7.2 · EPSS 0.05118
Exploits: 0 · References: 1

OSV
added 2019/03/25 7:29 p.m. · 0 views

UBUNTU-CVE-2019-3860

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...

CVSS 9.1 · AI score 6.9 · EPSS 0.05118
Exploits: 0 · References: 5

BDU FSTEC
added 2019/03/06 12:0 a.m. · 4 views

The vulnerability of the atol8 function in the libarchive library, which allows a hacker to cause a service failure

The vulnerability of the atol8 function in archive_read_support_format_xar.c in the libarchive library is related to errors in processing empty strings, which can lead to buffer overflows. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS 6.5 · AI score 6.9 · EPSS 0.03341
Exploits: 0 · References: 3 · Affected Software: 2

Veracode
added 2019/02/28 6:1 a.m. · 8 views

Data Leakage

ansible is vulnerable to data leakage. The vulnerability is possible because it does not properly handle empty strings passed to rsync_opts, which results in the revealing of the current working directory information...

AI score 6.6
Exploits: 0

BDU FSTEC
added 2019/02/26 12:0 a.m. · 2 views

The vulnerability of the OpenSSH cryptographic protection is caused by errors in checking the name of the scp.c directory on the client scp, which allows a hacker to alter the access rights to the target directory.

The vulnerability of the OpenSSH cryptographic protection arises due to errors in checking the name of the scp.c directory on the scp client. Exploiting this vulnerability allows a malicious actor to alter the access rights to the target directory by using the file name “.” or an empty file name...

CVSS 5.4 · AI score 7 · EPSS 0.03681
Exploits: 0 · References: 10 · Affected Software: 7

CNVD
added 2019/02/25 12:0 a.m. · 2 views

D-Link DIR-878 Empty Password Login Vulnerability

The D-Link DIR-878 is a wireless router from AUO D-Link of Taiwan, China. A security vulnerability exists in the /HNAP1 URI in the D-Link DIR-878 version 1.12B01. The vulnerability can be exploited by an attacker to log in to the device with the help of an empty password...

CVSS 9.8 · AI score 6.9 · EPSS 0.0219
Exploits: 1 · References: 1

CNVD
added 2019/02/25 12:0 a.m. · 2 views

D-Link DIR-825 "user" Account Empty Password Vulnerability

The D-Link DIR-825 is a router from AUO D-Link of Taiwan, China. A security vulnerability exists in the D-Link DIR-825 B version 2.10, which stems from the use of an empty password for the 'user' account. The vulnerability can be exploited by an attacker to log into the router...

CVSS 9.8 · AI score 7 · EPSS 0.01505
Exploits: 1 · References: 1

Veracode
added 2019/02/12 2:15 a.m. · 23 views

Insecure Authorization

libmosquitto.so is vulnerable to insecure authorization. An ACL file that is empty or contains only blank lines or comments is treated as not defined, and no topic access would be denied. This could lead to access being incorrectly granted and allow an attacker to access or modify resources that are...

CVSS 8.1 · AI score 7.8 · EPSS 0.01353
Exploits: 0 · References: 4 · Affected Software: 2

Debian
added 2019/02/11 10:27 a.m. · 163 views

[SECURITY] [DLA 1671-1] coturn security update

Package : coturn Version : 4.2.1.2-1+deb8u1 CVE ID : CVE-2018-4056 CVE-2018-4058 CVE-2018-4059 Multiple vulnerabilities were discovered in coTURN, a TURN and STUN server for VoIP. CVE-2018-4056 An SQL injection vulnerability was discovered in the coTURN administrator web portal. As the...

CVSS 10 · AI score 9.5 · EPSS 0.02955
Exploits: 1

OpenVAS
added 2019/02/10 12:0 a.m. · 30 views

Debian: Security Advisory (DLA-1671-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 · AI score 8.7 · EPSS 0.02955
Exploits: 1 · References: 3

OSV
added 2019/02/05 8:29 p.m. · 2 views

CVE-2018-20251

In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format. The UNACE module UNACEV2.dll creates files and folders as written in the filename field even when WinRAR validator noticed the traversal attempt and requested t...

CVSS 5.5 · AI score 5.8 · EPSS 0.31528
Exploits: 1 · References: 3

NVD
added 2019/02/05 8:29 p.m. · 31 views

CVE-2018-20251

In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format. The UNACE module UNACEV2.dll creates files and folders as written in the filename field even when WinRAR validator noticed the traversal attempt and requested t...

CVSS 5.5 · AI score 5.4 · EPSS 0.31528
Exploits: 1 · References: 3

OSV
added 2019/02/05 1:42 p.m. · 3 views

USN-3881-1 dovecot vulnerability

It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users...

CVSS 7.7 · AI score 6.7 · EPSS 0.02462
Exploits: 1 · References: 2