4652 matches found
CVE-2017-2635
A NULL pointer dereference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash the libvirtd daemon, resulting in denial of service...
Tridium Niagara AX Framework and Niagara 4 Framework Authentication Bypass Vulnerability
Tridium Niagara AX Framework and Niagara 4 Framework are both IoT business application frameworks from Tridium USA. An authentication bypass vulnerability exists in Tridium Niagara AX Framework 3.8 and earlier and Niagara 4 Framework 4.4 and earlier. A remote attacker can exploit this vulnerabili...
SUSE-SU-2018:2204-1 Security update for libsoup
This update for libsoup fixes the following issues: Security issue fixed: - CVE-2018-12910: Fix crash when handling empty hostnames (bsc#1100097). - CVE-2017-2885: Fix chunk decoding buffer overrun that could be exploited against either clients or servers (bsc#1052916). Bug fixes: - bsc#1086036:...
CVE-2018-12448
Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name...
ALPINE-CVE-2018-14767
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potentially...
DEBIAN-CVE-2018-14767
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potentially...
PT-2018-12707 · Kamailio +2
Name of the Vulnerable Software and Affected Versions: Kamailio versions prior to 5.0.7 Kamailio versions 5.1.x prior to 5.1.4 Description: A crafted SIP message with a double "To" header and an empty "To" tag can cause a segmentation fault and crash due to missing input validation in the build r...
DEBIAN-CVE-2018-14612
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks i...
CVE-2018-14612
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks i...
CVE-2018-14612
CVE-2018-14612 affects the Linux kernel (through 4.17.10) with an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image. The root cause is lack of validation in btrfs_read_block_groups (fs/btrfs/extent-tree.c) and missing empty-tree checks in check_leaf (fs/btrfs/tr...
UBUNTU-CVE-2018-14612
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks i...
Authentication Bypass
ldap3 is affected by an authentication bypass vulnerability. The rebind method of the Connection object allows for a successful rebind using an empty password after a correct bind with a valid password...
GNOME libsoup Denial of Service Vulnerability
GNOME libsoup is an HTTP client/server library developed by the GNOME project. A security vulnerability exists in the soup_cookie_jar_get_cookies file in the soup-cookie-jar.c file in GNOME libsoup. An attacker can exploit this vulnerability to cause a denial of service with an empty hostname...
Denial Of Service (DoS)
libsoup.so is vulnerable to denial of service (DoS) attacks. The vulnerability exists due to the lack of a check on empty hostnames in get_cookies of soup-cookie-jar.c, causing DoS and possibly other attacks...
Design/Logic Flaw
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname...
DEBIAN-CVE-2018-12910
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname...
CVE-2018-12910
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname...