
4651 matches found

RedHat Linux
added 2016/07/05 9:2 p.m. · 5 views

crash: mon_command crashes ceph monitors on receiving empty prefix

A flaw was found in the way the handlecommand function would validate the prefix value from the user. An authenticated attacker could send a specially crafted prefix value, resulting in a ceph monitor crash...

CVSS 6.5 · AI score 5.7 · EPSS 0.0248
Exploits: 0 · References: 4
RedHat Linux
added 2016/07/05 8:27 p.m. · 7 views

crash: mon_command crashes ceph monitors on receiving empty prefix

A flaw was found in the way the handlecommand function would validate the prefix value from the user. An authenticated attacker could send a specially crafted prefix value, resulting in a ceph monitor crash...

CVSS 6.5 · AI score 5.7 · EPSS 0.0248
Exploits: 0 · References: 4
Node.js
added 2016/07/05 3:50 p.m. · 36 views

Route Validation Bypass

Overview: Affected versions of call do not validate empty parameters, which may result in a bypass of route validation rules. Proof of Concept: Routing Scheme: /api/param/param2/details; Triggering Request Path: /api///. Recommendation: Update to version 3.0.2 or later. References: Issue 3228 - GitHu...

CVSS 5 · AI score 3.3 · EPSS 0.01235
Exploits: 1 · Affected Software: 1
Tenable Nessus
added 2016/07/05 12:0 a.m. · 32 views

Debian DSA-3613-1 : libvirt - security update

Vivian Zhang and Christoph Anton Mitterer discovered that setting an empty VNC password does not work as documented in Libvirt, a virtualisation abstraction library. When the password on a VNC server is set to the empty string, authentication on the VNC server will be disabled, allowing any user ...

CVSS 9.8 · AI score 7.3 · EPSS 0.03636
Exploits: 0 · References: 3
Positive Technologies
added 2016/07/02 12:0 a.m. · 9 views

PT-2016-6216 · Red Hat +4 · Libvirt +5

Name of the Vulnerable Software and Affected Versions: libvirt versions prior to 2.0.0. Description: The issue allows remote attackers to bypass authentication and establish a VNC session by connecting to the server when the password on a VNC server is set to an empty string. Recommendations: For...

CVSS 9.8 · AI score 8.2 · EPSS 0.74041
Exploits: 10 · References: 82
CNVD
added 2016/07/01 12:0 a.m. · 3 views

MileSight camera multiple built-in default account vulnerabilities

MileSight camera is a network camera produced by Xiamen PulseVision Digital Technology Co. MileSight camera has multiple built-in default account vulnerabilities. The default configuration of the MileSight camera device has three authenticated accounts and seven unauthenticated accounts. If the...

AI score 7.1
Exploits: 0
OpenVAS
added 2016/07/01 12:0 a.m. · 26 views

Debian: Security Advisory (DSA-3613-1)

The remote host is missing an update for the Debian...

CVSS 9.8 · AI score 9.6 · EPSS 0.03636
Exploits: 0 · References: 3
OSV
added 2016/06/30 5:59 p.m. · 1 views

DEBIAN-CVE-2015-8899

Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally...

CVSS 7.5 · AI score 7.3 · EPSS 0.02415
Exploits: 0 · References: 1
OSV
added 2016/06/30 5:59 p.m. · 6 views

CVE-2015-8899

Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally...

CVSS 7.5 · AI score 7.6
Exploits: 0 · References: 8
NVD
added 2016/06/30 5:59 p.m. · 12 views

CVE-2015-8899

Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally...

CVSS 7.5 · AI score 7.3 · EPSS 0.02415
Exploits: 0 · References: 8
seebug.org
added 2016/06/21 12:0 a.m. · 15 views

DVR surveillance empty token

No description provided by source...

AI score 7.1
Exploits: 0
OSV
added 2016/06/08 10:46 a.m. · 8 views

SUSE-SU-2016:1528-1 Security update for openssh

openssh was updated to fix three security issues. These security issues were fixed: - CVE-2016-3115: Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH allowed remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to...

CVSS 9.8 · AI score 7.5 · EPSS 0.37016
Exploits: 13 · References: 14
RedHat Linux
added 2016/05/26 8:35 a.m. · 3 views

pcre: stack overflow caused by mishandled group empty match (8.38/11)

PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^?:?1\.|^\\W?++$/...

CVSS 7.5 · AI score 7.4 · EPSS 0.06169
Exploits: 1 · References: 4
Cvelist
added 2016/05/22 1:0 a.m. · 41 views

CVE-2014-9767

Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/phpzip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/extzip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive...

AI score 6.7 · EPSS 0.04542
Exploits: 1 · References: 14
OSV
added 2016/05/15 1:59 a.m. · 3 views

CVE-2016-0381

IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin AdminGroups setting is empty, allows remote authenticated users to cause a denial of service (configuration outage) via a non-empty value...

CVSS 4.3 · AI score 5.8 · EPSS 0.00993
Exploits: 0 · References: 2
OSV
added 2016/05/13 2:59 p.m. · 0 views

UBUNTU-CVE-2015-5726

The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data...

CVSS 7.5 · AI score 7.2 · EPSS 0.01355
Exploits: 0 · References: 3
RedHat Linux
added 2016/05/11 1:7 p.m. · 2 views

pcre: stack overflow caused by mishandled group empty match (8.38/11)

PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^?:?1\.|^\\W?++$/...

CVSS 7.5 · AI score 7.4 · EPSS 0.06169
Exploits: 1 · References: 4
Friends Of PHP
added 2016/05/09 9:34 p.m. · 25 views

CVE-2016-2403: Unauthorized access on a misconfigured Ldap server when using an empty password

More info at https://symfony.com/cve-2016-2403...

CVSS 9.8 · AI score 7.2 · EPSS 0.02925
Exploits: 0 · Affected Software: 1
Friends Of PHP
added 2016/05/09 9:34 p.m. · 33 views

CVE-2016-2403: Unauthorized access on a misconfigured Ldap server when using an empty password

More info at https://symfony.com/cve-2016-2403...

CVSS 9.8 · AI score 7.2 · EPSS 0.02925
Exploits: 0 · Affected Software: 1
Symfony
added 2016/05/09 12:0 a.m. · 5 views

CVE-2016-2403: Unauthorized access on a misconfigured Ldap server when using an empty password

Affected versions: Symfony 2.8.0 to 2.8.5 and 3.0.0 to 3.0.5 versions of the Symfony Security component are affected by this security issue. The issue has been fixed in Symfony 2.8.6 and 3.0.6. Description: The bind operation of LDAP, as described in RFC 4513, provides a method which allows for...

CVSS 9.8 · AI score 9.5 · EPSS 0.02925
Exploits: 0