4743 matches found
CVE-2015-8899
Dnsmasq before 2.76 allows remote servers to cause a denial of service crash via a reply with an empty DNS address that has an 1 A or 2 AAAA record defined locally...
DEBIAN-CVE-2015-8899
Dnsmasq before 2.76 allows remote servers to cause a denial of service crash via a reply with an empty DNS address that has an 1 A or 2 AAAA record defined locally...
DVR surveillance empty token
No description provided by source...
SUSE-SU-2016:1528-1 Security update for openssh
openssh was updated to fix three security issues. These security issues were fixed: - CVE-2016-3115: Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH allowed remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to...
pcre: stack overflow caused by mishandled group empty match (8.38/11)
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service stack-based buffer overflow via a crafted regular expression, as demonstrated by /^?:?1\.|^\\W?++$/...
CVE-2014-9767
Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/phpzip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/extzip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive...
CVE-2016-0381
IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin AdminGroups setting is empty, allows remote authenticated users to cause a denial of service configuration outage via a non-empty value...
UBUNTU-CVE-2015-5726
The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service application crash via an empty BIT STRING in ASN.1 data...
pcre: stack overflow caused by mishandled group empty match (8.38/11)
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service stack-based buffer overflow via a crafted regular expression, as demonstrated by /^?:?1\.|^\\W?++$/...
CVE-2016-2403: Unauthorized access on a misconfigured Ldap server when using an empty password
More info at https://symfony.com/cve-2016-2403...
CVE-2016-2403: Unauthorized access on a misconfigured Ldap server when using an empty password
More info at https://symfony.com/cve-2016-2403...
CVE-2016-2403: Unauthorized access on a misconfigured Ldap server when using an empty password
Affected versions Symfony 2.8.0 to 2.8.5 and 3.0.0 to 3.0.5 versions of the Symfony Security component are affected by this security issue. The issue has been fixed in Symfony 2.8.6 and 3.0.6. Description The bind operation of LDAP, as described in RFC 4513, provides a method which allows for...
The vulnerability of Google Chrome browser allows a hacker to manipulate the URL string.
The vulnerability of the WebContentsImpl::FocusLocationBarByDefault function content/browser/webcontents/webcontentsimpl.cc in the Google Chrome browser exists due to improper handling of calls to certain empty pages. Exploiting this vulnerability can allow a malicious actor to manipulate the URL...
Wireshark ASN.1 BER parser denial of service vulnerability (CNVD-2016-02773)
Wireshark formerly known as Ethereal is a suite of network packet analysis software developed by the Wireshark team. A denial of service vulnerability exists in the epan/dissectors/packet-ber.c file in the ASN.1 BER parser in Wireshark version 1.12.x before 1.12.10 and version 2.x before 2.0.2. A...
Moving or deleting an issue leaves the empty attachments subdirectory on the filesystem
To reproduce: Create an issue Attach a file to it Locate the file on the JIRA-server filesystem -- under JIRA "home" directory attachments/..../PROJECT-ISSUE Move the issue to a different project or delete it completely Observe the empty issue subdirectory remaining on the filesystem The director...
DEBIAN-CVE-2016-4418
epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted packet that triggers an empty set...
UBUNTU-CVE-2016-4418
epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted packet that triggers an empty set...
dnsmasq -- denial of service
reports: Dnsmasq before 2.76 allows remote servers to cause a denial of service crash via a reply with an empty DNS address that has an 1 A or 2 AAAA record defined locally...
The vulnerability of the NX-OS network operating system allows attackers to increase their privileges.
The vulnerability of the NX-OS network operating system is related to the use of a empty root password. Exploiting this vulnerability could allow an attacker, operating locally, to gain increased privileges...
FreeBSD : Botan BER Decoder vulnerabilities (2004616d-f66c-11e5-b94c-001999f8d30b)
The botan developers reports : Excess memory allocation in BER decoder - The BER decoder would allocate a fairly arbitrary amount of memory in a length field, even if there was no chance the read request would succeed. This might cause the process to run out of memory or invoke the OOM killer...