Lucene search

4633 matches found

Tenable Nessus
added 2011/05/09 12:0 a.m. | 40 views

openSUSE Security Update : libzip-devel (openSUSE-SU-2011:0449-1)

Empty zip archives could crash programs using libzip (CVE-2011-0421). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update libzip-devel-4188. The text description of this plugin is (C) SUSE LLC...

CVSS 4.3 | AI score 9.4 | EPSS 0.13514
Exploits: 7 | References: 3

ATTACKERKB
added 2011/04/21 10:55 a.m. | 0 views

CVE-2009-5072

Memory leak in the ldap_explode_dn function in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.61 (aka 6.0.0.8-TIV-ITDS-IF0003) allows remote authenticated users to cause a denial of service (memory consumption) via an empty string argument...

CVSS 4 | AI score 5.6 | EPSS 0.00883
Exploits: 0 | References: 3

RedHat Linux
added 2011/04/12 6:7 p.m. | 3 views

avahi: daemon infinite loop triggered by an empty UDP packet (CVE-2010-2244 fix regression)

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244...

CVSS 5 | AI score 7.7 | EPSS 0.29361
Exploits: 2 | References: 4

OSV
added 2011/03/20 2:0 a.m. | 1 views

DEBIAN-CVE-2011-1081

modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field...

CVSS 5 | AI score 6.7 | EPSS 0.13518
Exploits: 1 | References: 1

OSV
added 2011/03/20 2:0 a.m. | 4 views

DEBIAN-CVE-2011-0421

The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a...

CVSS 4.3 | AI score 6.9 | EPSS 0.13514
Exploits: 7 | References: 1

NVD
added 2011/03/20 2:0 a.m. | 21 views

CVE-2011-0421

The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a...

CVSS 4.3 | AI score 9.2 | EPSS 0.13514
Exploits: 7 | References: 27

Prion
added 2011/03/20 2:0 a.m. | 25 views

Design/Logic Flaw

modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field...

CVSS 5 | AI score 6.9 | EPSS 0.13518
Exploits: 1 | References: 20 | Affected Software: 1

Debian CVE
added 2011/03/20 1:0 a.m. | 31 views

CVE-2011-0421

The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a...

CVSS 4.3 | AI score 9.4 | EPSS 0.13514
Exploits: 7

RedHat Linux
added 2011/03/17 7:11 p.m. | 2 views

OpenJDK Launcher incorrect processing of empty library path entries (6983554)

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect...

CVSS 3.7 | AI score 5.8 | EPSS 0.00411
Exploits: 0 | References: 4

RedHat Linux
added 2011/03/10 8:10 p.m. | 2 views

qemu-kvm: Setting VNC password to empty string silently disables all authentication

qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions...

CVSS 4.3 | AI score 5.9 | EPSS 0.01305
Exploits: 0 | References: 4

OSV
added 2011/02/22 7:0 p.m. | 1 views

DEBIAN-CVE-2011-1002

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244...

CVSS 5 | AI score 6.9 | EPSS 0.29361
Exploits: 1 | References: 1

Prion
added 2011/02/17 7:0 p.m. | 16 views

Design/Logic Flaw

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect...

CVSS 3.7 | AI score 7.6 | EPSS 0.00411
Exploits: 0 | References: 18 | Affected Software: 3

RedHat Linux
added 2011/02/17 6:12 p.m. | 1 views

OpenJDK Launcher incorrect processing of empty library path entries (6983554)

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect...

CVSS 3.7 | AI score 5.8 | EPSS 0.00411
Exploits: 0 | References: 4

RedHat Linux
added 2011/02/17 6:11 p.m. | 3 views

OpenJDK Launcher incorrect processing of empty library path entries (6983554)

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect...

CVSS 3.7 | AI score 5.8 | EPSS 0.00411
Exploits: 0 | References: 4

securityvulns
added 2011/02/03 12:0 a.m. | 34 views

Cisco Tandberg C Series default account

Device is shipped with an empty root password...

CVSS 10 | AI score 3.4 | EPSS 0.13988
Exploits: 4 | References: 1

Oracle linux
added 2010/12/14 12:0 a.m. | 33 views

HelixPlayer removal

1.0.6-3.1 - Empty package, and add uninstall subpackage with explanation for the emptiness. Related: bz662779...

CVSS 9.3 | AI score 2.4 | EPSS 0.06422
Exploits: 0

securityvulns
added 2010/11/10 12:0 a.m. | 39 views

ISC DHCP server DoS

Crash on Relay-Forward packet with empty link-address field...

CVSS 4.3 | AI score 1.8 | EPSS 0.09402
Exploits: 0 | References: 1 | Affected Software: 1

FreeBSD
added 2010/11/02 12:0 a.m. | 34 views

isc-dhcp-server -- Empty link-address denial of service

ISC reports: If the server receives a DHCPv6 packet containing one or more Relay-Forward messages, and none of them supply an address in the Relay-Forward link-address field, then the server will crash. This can be used as a single packet crash attack vector...

CVSS 4.3 | AI score 6.4 | EPSS 0.09402
Exploits: 0 | References: 2

OSV
added 2010/10/20 6:0 p.m. | 1 views

DEBIAN-CVE-2010-3351

startBristol in Bristol 0.60.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

CVSS 6.9 | AI score 7.1 | EPSS 0.00408
Exploits: 1 | References: 1

OSV
added 2010/10/14 5:57 a.m. | 1 views

DEBIAN-CVE-2010-3071

bip before 0.8.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an empty USER command...

CVSS 5 | AI score 6.8 | EPSS 0.03007
Exploits: 0 | References: 1