Lucene search
K

4724 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2019/12/17 2:40 p.m.57 views

Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed the following vulnerabilities in Node.js CVE-2019-9511, CVE-2019-9516, CVE-2019-9512, CVE-2019-9517, CVE-2019-9518, CVE-2019-9515, CVE-2019-9513, CVE-2019-9514 Vulnerability Details CVEID: CVE-2019-9511 DESCRIPTION: Some HTTP/2 implementation...

7.8CVSS0.3AI score0.87806EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/12/16 12:0 a.m.43 views

FreeBSD : dovecot -- NULL pointer deref in notify with empty headers (b7dc4dde-2e48-43f9-967a-c68461537cf2)

Aki Tuomi reports Mail with group address as sender will cause a signal 11 crash in push notification drivers. Group address as recipient can cause crash in some drivers. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...

5.3CVSS7.1AI score0.02476EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2019/12/10 12:0 a.m.35 views

dovecot -- null pointer deref in notify with empty headers

Aki Tuomi reports Mail with group address as sender will cause a signal 11 crash in push notification drivers. Group address as recipient can cause crash in some drivers...

5.3CVSS1.3AI score0.02476EPSS
Exploits0References1
OSV
OSV
added 2019/11/30 11:15 p.m.0 views

DEBIAN-CVE-2019-19269

An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL skX509REVOKEDvalue function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the...

4.9CVSS6AI score0.01645EPSS
Exploits0References1
OSV
OSV
added 2019/11/26 5:15 a.m.1 views

DEBIAN-CVE-2011-4120

Yubico PAM Module before 2.10 performed user authentication when 'usefirstpass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and obtain access to the...

9.8CVSS8.6AI score0.02019EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/11/25 12:0 a.m.4 views

The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. This allows a malicious actor to download the updated embedded software with an empty file via FTP protocol, thereby causing a service failure.

The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. Exploiting this vulnerability allows a malicious actor to download the embedded software update with an empty file via FTP protocol, thereby causing service...

6.8CVSS5.6AI score0.00959EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2019/11/22 12:0 a.m.15 views

gitea -- multiple vulnerabilities

The Gitea Team reports: Hide credentials when submitting migration Never allow an empty password to validate Prevent redirect to Host Hide public repos owned by private orgs...

1.6AI score
Exploits0References1
OSV
OSV
added 2019/11/21 3:15 a.m.2 views

DEBIAN-CVE-2019-19037

ext4emptydir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4readdirblockinode,0,DIRENTHTREE can be zero...

5.5CVSS6.6AI score0.01886EPSS
Exploits1References1
OSV
OSV
added 2019/11/21 3:15 a.m.3 views

UBUNTU-CVE-2019-19037

ext4emptydir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4readdirblockinode,0,DIRENTHTREE can be zero...

5.5CVSS7.1AI score0.01886EPSS
Exploits1References4
CNVD
CNVD
added 2019/11/21 12:0 a.m.2 views

Linux kernel null pointer dereference vulnerability (CNVD-2019-42387)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A null pointer dereference vulnerability exists in ext4emptydir in fs/ext4/namei.c in Linux kernel 5.3.12 and earlier...

5.5CVSS7.5AI score0.01886EPSS
Exploits1References1
OSV
OSV
added 2019/11/18 6:15 a.m.1 views

BELL-CVE-2019-19072 CVE-2019-19072 does not affect BellSoft software

Bulletin has no description...

4.4CVSS7.2AI score0.00405EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/11/18 12:0 a.m.5 views

The vulnerability of the Ruby interpreter’s methods Dir.open, Dir.new, Dir.entries, and Dir.empty allows attackers to gain unauthorized access to protected data or compromise the integrity of protected information.

The vulnerability of the Dir.open, Dir.new, Dir.entries, and Dir.empty methods in the Ruby programming language exists due to incorrect path name restrictions for restricted-access directories. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected data or...

6.5CVSS6.7AI score0.10098EPSS
Exploits0References12Affected Software5
RedHat Linux
RedHat Linux
added 2019/11/14 9:17 p.m.3 views

HTTP/2: flood using empty frames results in excessive resource consumption

A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.25448EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2019/11/08 12:0 a.m.43 views

EulerOS 2.0 SP5 : unzip (EulerOS-SA-2019-2234)

According to the versions of the unzip package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash or possibly execute...

6.8CVSS6.9AI score0.07184EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2019/11/07 12:0 a.m.380 views

Adobe ColdFusion RDS Authentication Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Adobe ColdFusion RDS Authentication Bypass', 'Description' = %q Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass...

0.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2019/11/05 10:29 p.m.5 views

openssh: scp client improper directory name validation

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side...

5.3CVSS7.2AI score0.03681EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/11/05 9:29 p.m.3 views

dovecot: Improper certificate validation

It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users...

7.7CVSS5.9AI score0.02462EPSS
Exploits1References5
CNVD
CNVD
added 2019/10/30 12:0 a.m.2 views

Schneider Electric Modicon M580/M340/BMxCRA/140CRA Denial of Service Vulnerability (CNVD-2019-41496)

The Modicon M580/M340/BMxCRA/140CRA are programmable logic controllers from Schneider Electric. A denial of service vulnerability exists in the Schneider Electric Modicon M580/M340/BMxCRA/140CRA. An attacker can exploit this vulnerability to cause a denial of service by upgrading the controller...

4.9CVSS6.8AI score0.00959EPSS
Exploits0References1
Metasploit
Metasploit
added 2019/10/27 4:25 p.m.38 views

Adobe ColdFusion RDS Authentication Bypass

Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication using the RDS component. Due to default settings or misconfiguration, its password can be set to an empty value. This allows an attacker to create a session via the RDS login that can be carried over to th...

0.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/10/24 12:0 a.m.5 views

The vulnerability of the /etc/passwd file in Cisco Small Business router microprogramming devices series 250, 350, 350X, and 550X allows a hacker to elevate their privileges to the root level.

The vulnerability of the /etc/passwd file in Cisco Small Business routers of the 250, 350, 350X, and 550X series is related to the presence of empty password entries for the root and user accounts. Exploiting this vulnerability allows a remote attacker to elevate their privileges to the root leve...

7.6CVSS5.5AI score
Exploits0References1Affected Software4
Rows per page
Query Builder