4651 matches found

CVE
added 2017/06/06 6:0 p.m. · 46 views

CVE-2014-8180

The CVE concerns MongoDB within Red Hat Satellite 6. Affected component: MongoDB used by Satellite 6. Issue: local users can bypass authentication by logging in with an empty password, potentially deleting information and causing a Denial of Service. Root cause: authentication bypass in the Mongo...

CVSS 5.5 · AI score 5.5 · EPSS 0.00277
Exploits 0 · References 2 · Affected Software 1

OSV
added 2017/06/01 4:29 p.m. · 0 views

BELL-CVE-2017-9060 CVE-2017-9060 does not affect BellSoft software

Bulletin has no description...

CVSS 5.5 · AI score 5.8 · EPSS 0.00411
Exploits 0 · References 1

RedHat Linux
added 2017/05/30 11:8 a.m. · 2 views

nss: Null pointer dereference when handling empty SSLv2 messages

A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library...

CVSS 7.5 · AI score 7.2 · EPSS 0.04302
Exploits 0 · References 4

RedHat Linux
added 2017/05/30 8:4 a.m. · 1 views

nss: Null pointer dereference when handling empty SSLv2 messages

A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library...

CVSS 7.5 · AI score 7.2 · EPSS 0.04302
Exploits 0 · References 4

Positive Technologies
added 2017/05/30 12:0 a.m. · 2 views

PT-2017-17775 · Mozilla +4 · Network Security Services +4

Name of the Vulnerable Software and Affected Versions: Network Security Services (NSS) versions 3.24.0 and later

Description: A null pointer dereference issue was discovered in NSS when the server receives empty SSLv2 messages, potentially leading to a denial of service by a remote attacker...

CVSS 9.8 · AI score 8 · EPSS 0.04741
Exploits 0 · References 48

NVD
added 2017/05/25 5:29 p.m. · 15 views

CVE-2014-0097

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password...

CVSS 7.5 · AI score 7.1 · EPSS 0.01209
Exploits 0 · References 2

RedHat Linux
added 2017/05/25 3:32 p.m. · 7 views

kernel: Oops in shash_async_export()

A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set...

CVSS 5.5 · AI score 6.8 · EPSS 0.00426
Exploits 0 · References 4

RedHat Linux
added 2017/05/25 1:39 p.m. · 3 views

kernel: Oops in shash_async_export()

A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set...

CVSS 5.5 · AI score 6.8 · EPSS 0.00426
Exploits 0 · References 4

RedHat Linux
added 2017/05/25 1:28 p.m. · 3 views

kernel: Oops in shash_async_export()

A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set...

CVSS 5.5 · AI score 6.8 · EPSS 0.00426
Exploits 0 · References 4

RedHat Linux
added 2017/05/24 11:19 a.m. · 3 views

collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions

collectd contains an infinite loop due to how the parse_packet() and parse_part_sign_sha256() functions interact. If an instance of collectd is configured with "SecurityLevel None" and empty "AuthFile" options, an attacker can send crafted UDP packets that trigger the infinite loop, causing a denial of...

CVSS 7.5 · AI score 5.8 · EPSS 0.03997
Exploits 0 · References 4

OSV
added 2017/05/24 5:29 a.m. · 2 views

UBUNTU-CVE-2017-9217

systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section...

CVSS 7.5 · AI score 6.7 · EPSS 0.15422
Exploits 0 · References 4

Positive Technologies
added 2017/05/24 12:0 a.m. · 2 views

PT-2017-18793 · Systemd +2 · Systemd-Resolved +2

Name of the Vulnerable Software and Affected Versions: systemd-resolved versions through 233

Description: The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, via a crafted DNS response with an empty question section.

Recommendations: For versions through...

CVSS 10 · AI score 6.5 · EPSS 0.55116
Exploits 1 · References 53

OSV
added 2017/05/19 6:29 p.m. · 3 views

CVE-2017-9090

reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']...

CVSS 7.5 · AI score 5.8 · EPSS 0.01192
Exploits 0 · References 1

RedHat Linux
added 2017/05/09 5:13 p.m. · 0 views

jasper: NULL pointer dereference in jpc_tsfb_synthesize()

The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence...

CVSS 7.5 · AI score 7.3 · EPSS 0.04039
Exploits 1 · References 4

RedHat Linux
added 2017/05/08 6:45 a.m. · 2 views

libevent: Out-of-bounds read in search_make_new()

An out-of-bounds read vulnerability was found in libevent in the search_make_new() function. If an attacker could cause an application using libevent to attempt resolving an empty hostname, an out-of-bounds read could occur, possibly leading to a crash...

CVSS 7.5 · AI score 7.3 · EPSS 0.05192
Exploits 1 · References 4

BDU FSTEC
added 2017/05/04 12:0 a.m. · 3 views

The vulnerability of the Linux operating system, which allows a hacker to exert arbitrary control

The vulnerability of the cp2112 gpioDirectionInput function in the Linux operating system’s drivers/hid/hid-cp2112.c file exists due to incorrect error handling for input/output operations for an empty report. Exploiting this vulnerability allows a local attacker to exert arbitrary control using...

CVSS 7.8 · AI score 7.2 · EPSS 0.00407
Exploits 0 · References 9 · Affected Software 1

Veracode
added 2017/05/03 5:8 a.m. · 11 views

Denial Of Service (DoS)

github.com/andreimatei/grpc-go is vulnerable to denial of service (DoS) attacks. A malicious user can send an empty hpack string to the system and cause it to crash...

AI score 6.4
Exploits 0

Veracode
added 2017/05/03 4:49 a.m. · 7 views

Denial Of Service (DoS)

github.com/grpc/grpc-go is vulnerable to denial of service (DoS) attacks. A malicious user can send an empty hpack string to the system and cause it to crash...

AI score 6.4
Exploits 0

Hacker One
added 2017/04/25 12:25 a.m. · 63 views

Weblate: Null Password - Setting a new password doesn't check for empty spaces

Hi Again! As seen your website at https://demo.weblate.org/accounts/password/ Your password can't be too similar to your other personal information. Your password must contain at least 6 characters. Your password can't be a commonly used password. Your password can't be entirely numeric. I found...

AI score 7.2
Exploits 0

RedHat Linux
added 2017/04/21 12:49 a.m. · 4 views

libevent: Out-of-bounds read in search_make_new()

An out-of-bounds read vulnerability was found in libevent in the search_make_new() function. If an attacker could cause an application using libevent to attempt resolving an empty hostname, an out-of-bounds read could occur, possibly leading to a crash...

CVSS 7.5 · AI score 7.3 · EPSS 0.05192
Exploits 1 · References 4