4740 matches found
Red Hat Satellite MongoDB Authorization Issues Vulnerability
Red Hat Satellite is a set of system management platforms from Red Hat, Inc. that can be used to extend the Linux infrastructure and provide system management functions such as administration, configuration, and monitoring.MongoDB is a set of database software developed by one of the U.S.-based...
Null pointer dereference
The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty field that should have contained a hostname or IP address...
UBUNTU-CVE-2017-7458
The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty field that should have contained a hostname or IP address...
CVE-2017-7458
Removed by vendor...
USN-3336-1 nss vulnerability
It was discovered that NSS incorrectly handled certain empty SSLv2 messages. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service...
nss: Null pointer dereference when handling empty SSLv2 messages
A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library...
Foscam camera FTP server account hard-coded password vulnerability
Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly through WIFI. Foscam camera FTP server account has a hard-coded password vulnerability due to the built-in FTP user password being hard-coded and empty. An attacker can exploit the...
Foscam camera FTP Server Account Empty Password Vulnerability
Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly through WIFI. Foscam camera FTP server has an account empty password vulnerability, due to the user account of the built-in FTP server is empty password. Attackers can then access the...
Authentication flaw
MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service...
CVE-2014-8180
The CVE concerns MongoDB within Red Hat Satellite 6. Affected component: MongoDB used by Satellite 6. Issue: local users can bypass authentication by logging in with an empty password, potentially deleting information and causing a Denial of Service. Root cause: authentication bypass in the Mongo...
BELL-CVE-2017-9060 CVE-2017-9060 does not affect BellSoft software
Bulletin has no description...
nss: Null pointer dereference when handling empty SSLv2 messages
A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library...
nss: Null pointer dereference when handling empty SSLv2 messages
A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library...
PT-2017-17775 · Mozilla +4 · Network Security Services +4
Name of the Vulnerable Software and Affected Versions: Network Security Services NSS versions 3.24.0 and later Description: A null pointer dereference issue was discovered in NSS when the server receives empty SSLv2 messages, potentially leading to a denial of service by a remote attacker...
CVE-2014-0097
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password...
kernel: Oops in shash_async_export()
A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shashasyncexport by attempting to force the in-kernel hashing algorithms into decrypting an empty data set...
kernel: Oops in shash_async_export()
A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shashasyncexport by attempting to force the in-kernel hashing algorithms into decrypting an empty data set...
kernel: Oops in shash_async_export()
A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shashasyncexport by attempting to force the in-kernel hashing algorithms into decrypting an empty data set...
collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions
collectd contains an infinite loop due to how the parsepacket and parsepartsignsha256 functions interact. If an instance of collectd is configured with "SecurityLevel None" and empty "AuthFile" options, an attacker can send crafted UDP packets that trigger the infinite loop, causing a denial of...
UBUNTU-CVE-2017-9217
systemd-resolved through 233 allows remote attackers to cause a denial of service daemon crash via a crafted DNS response with an empty question section...