Lucene search
K

4760 matches found

OSV
OSV
added 2019/11/26 5:15 a.m.2 views

DEBIAN-CVE-2011-4120

Yubico PAM Module before 2.10 performed user authentication when 'usefirstpass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and obtain access to the...

9.8CVSS8.6AI score0.02019EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/11/25 12:0 a.m.4 views

The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. This allows a malicious actor to download the updated embedded software with an empty file via FTP protocol, thereby causing a service failure.

The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. Exploiting this vulnerability allows a malicious actor to download the embedded software update with an empty file via FTP protocol, thereby causing service...

6.8CVSS5.6AI score0.00959EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2019/11/22 12:0 a.m.15 views

gitea -- multiple vulnerabilities

The Gitea Team reports: Hide credentials when submitting migration Never allow an empty password to validate Prevent redirect to Host Hide public repos owned by private orgs...

1.6AI score
Exploits0References1
OSV
OSV
added 2019/11/21 3:15 a.m.2 views

DEBIAN-CVE-2019-19037

ext4emptydir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4readdirblockinode,0,DIRENTHTREE can be zero...

5.5CVSS6.6AI score0.01886EPSS
Exploits1References1
OSV
OSV
added 2019/11/21 3:15 a.m.3 views

UBUNTU-CVE-2019-19037

ext4emptydir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4readdirblockinode,0,DIRENTHTREE can be zero...

5.5CVSS7.1AI score0.01886EPSS
Exploits1References4
CNVD
CNVD
added 2019/11/21 12:0 a.m.3 views

Linux kernel null pointer dereference vulnerability (CNVD-2019-42387)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A null pointer dereference vulnerability exists in ext4emptydir in fs/ext4/namei.c in Linux kernel 5.3.12 and earlier...

5.5CVSS7.5AI score0.01886EPSS
Exploits1References1
OSV
OSV
added 2019/11/18 6:15 a.m.1 views

BELL-CVE-2019-19072 CVE-2019-19072 does not affect BellSoft software

Bulletin has no description...

4.4CVSS7.2AI score0.00405EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/11/18 12:0 a.m.6 views

The vulnerability of the Ruby interpreter’s methods Dir.open, Dir.new, Dir.entries, and Dir.empty allows attackers to gain unauthorized access to protected data or compromise the integrity of protected information.

The vulnerability of the Dir.open, Dir.new, Dir.entries, and Dir.empty methods in the Ruby programming language exists due to incorrect path name restrictions for restricted-access directories. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected data or...

6.5CVSS6.7AI score0.10098EPSS
Exploits0References12Affected Software5
RedHat Linux
RedHat Linux
added 2019/11/14 9:17 p.m.3 views

HTTP/2: flood using empty frames results in excessive resource consumption

A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.25448EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2019/11/08 12:0 a.m.43 views

EulerOS 2.0 SP5 : unzip (EulerOS-SA-2019-2234)

According to the versions of the unzip package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash or possibly execute...

6.8CVSS6.9AI score0.07184EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2019/11/07 12:0 a.m.381 views

Adobe ColdFusion RDS Authentication Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Adobe ColdFusion RDS Authentication Bypass', 'Description' = %q Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass...

0.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2019/11/05 10:29 p.m.6 views

openssh: scp client improper directory name validation

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side...

5.3CVSS7.2AI score0.03681EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/11/05 9:29 p.m.3 views

dovecot: Improper certificate validation

It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users...

7.7CVSS5.9AI score0.02462EPSS
Exploits1References5
CNVD
CNVD
added 2019/10/30 12:0 a.m.2 views

Schneider Electric Modicon M580/M340/BMxCRA/140CRA Denial of Service Vulnerability (CNVD-2019-41496)

The Modicon M580/M340/BMxCRA/140CRA are programmable logic controllers from Schneider Electric. A denial of service vulnerability exists in the Schneider Electric Modicon M580/M340/BMxCRA/140CRA. An attacker can exploit this vulnerability to cause a denial of service by upgrading the controller...

4.9CVSS6.8AI score0.00959EPSS
Exploits0References1
Metasploit
Metasploit
added 2019/10/27 4:25 p.m.42 views

Adobe ColdFusion RDS Authentication Bypass

Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication using the RDS component. Due to default settings or misconfiguration, its password can be set to an empty value. This allows an attacker to create a session via the RDS login that can be carried over to th...

0.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/10/24 12:0 a.m.5 views

The vulnerability of the /etc/passwd file in Cisco Small Business router microprogramming devices series 250, 350, 350X, and 550X allows a hacker to elevate their privileges to the root level.

The vulnerability of the /etc/passwd file in Cisco Small Business routers of the 250, 350, 350X, and 550X series is related to the presence of empty password entries for the root and user accounts. Exploiting this vulnerability allows a remote attacker to elevate their privileges to the root leve...

7.6CVSS5.5AI score
Exploits0References1Affected Software4
RedhatCVE
RedhatCVE
added 2019/10/10 3:58 a.m.31 views

CVE-2017-7546

It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords...

9.8CVSS4.1AI score0.61566EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2019/10/02 2:29 p.m.3 views

HTTP/2: flood using empty frames results in excessive resource consumption

A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.25448EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2019/10/01 10:3 a.m.9 views

HTTP/2: flood using empty frames results in excessive resource consumption

A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.25448EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2019/10/01 12:0 a.m.5 views

The vulnerability of the fly-admin-printer print manager in the FLY operating system of Astra Linux allows a attacker to compromise data integrity, gain unauthorized access to protected information, and cause service failures.

The vulnerability of the fly-admin-printer print manager in the FLY operating system of Astra Linux is related to errors in processing empty tasks, as well as errors in renaming the printer. Exploiting this vulnerability allows a remote attacker to compromise data integrity, gain unauthorized...

6CVSS5.6AI score
Exploits0References1
Rows per page
Query Builder