4725 matches found
HTTP/2: flood using empty frames results in excessive resource consumption
A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...
Authentication Bypass
shiro-core is vulnerable to authentication bypass. An attacker is able to bypass authentication using an empty principal due to an insecure validation in FirstSuccessfulStrategy...
CVE-2020-8864
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login...
Authentication flaw
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login...
CVE-2020-8864
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login...
HTTP/2: flood using empty frames results in excessive resource consumption
A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...
CVE-2020-8864
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login...
The vulnerability of the HNAP strncmp component in the microprogramming software for wireless routers from D-Link, such as the D-Link DIR-867-US, D-Link DIR-878, and D-Link DIR-882-US, allows a hacker to alter the administrator password.
The vulnerability of the HNAP strncmp component in microprogrammed software for D-Link wireless routers such as D-Link DIR-867-US, D-Link DIR-878, and D-Link DIR-882-US is related to errors in handling empty passwords. Exploiting this vulnerability could allow a remote attacker to change the...
Security Bulletin: IBM Cloud Transformation Advisor is affected by vulnerabilities in WebSphere Application Server Liberty (CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9514, CVE-2019-9513)
Summary IBM Cloud Transformation Advisor has addressed following vulnerabilities: CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9514, CVE-2019-9513 Vulnerability Details CVEID: CVE-2019-9515 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a...
BELL-CVE-2019-20485 CVE-2019-20485 does not affect BellSoft software
Bulletin has no description...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF. For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie. Remediation Upgrade...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF. For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie. Remediation Upgrade...
libavif:avif_decode_fuzzer: Null-dereference READ with empty stacktrace
Detailed Report: https://oss-fuzz.com/testcase?key=5645512985542656 Project: libavif Fuzzing Engine: libFuzzer Fuzz Target: avifdecodefuzzer Job Type: libfuzzerasanlibavif Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000000 Crash State: NULL Sanitizer: address ASAN...
HTTP/2: flood using empty frames results in excessive resource consumption
A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...
dav1d:dav1d_fuzzer: Null-dereference READ with empty stacktrace
Detailed Report: https://oss-fuzz.com/testcase?key=5687738131283968 Project: dav1d Fuzzing Engine: libFuzzer Fuzz Target: dav1dfuzzer Job Type: libfuzzerasani386dav1d Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x00000000 Crash State: NULL Sanitizer: address ASAN Crash...
golang-protobuf:wirefuzz: Crash with empty stacktrace
Detailed Report: https://oss-fuzz.com/testcase?key=5652073511387136 Project: golang-protobuf Fuzzing Engine: libFuzzer Fuzz Target: wirefuzz Job Type: libfuzzerasangolang-protobuf Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x0000059044a4 Crash State: NULL Sanitizer: address ASAN...
The vulnerability of the flv_write_packet function in the FFmpeg multimedia library, which stems from the lack of checks for empty audio packets, allows attackers to trigger a service failure.
The vulnerability of the flvwritepacket function in the FFmpeg multimedia library lies in the lack of checks to ensure that no empty audio packets are present. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
skia:api_skdescriptor: Crash with empty stacktrace
Detailed Report: https://oss-fuzz.com/testcase?key=5755812456955904 Project: skia Fuzzing Engine: libFuzzer Fuzz Target: apiskdescriptor Job Type: libfuzzermsanskia Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000004050020 Crash State: NULL Sanitizer: memory MSAN Recommended...
D-Link Multiple Routers HNAP strncmp Incorrect Comparison Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue...
wasmtime:api_calls: Crash with empty stacktrace
Project: https://github.com/bytecodealliance/wasmtime.git Detailed Report: https://oss-fuzz.com/testcase?key=5069880397398016 Project: wasmtime Fuzzing Engine: libFuzzer Fuzz Target: apicalls Job Type: libfuzzerasanwasmtime Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address: 0x7f52f0071d5...