4724 matches found
Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities
Summary IBM Cloud Transformation Advisor has addressed the following vulnerabilities in Node.js CVE-2019-9511, CVE-2019-9516, CVE-2019-9512, CVE-2019-9517, CVE-2019-9518, CVE-2019-9515, CVE-2019-9513, CVE-2019-9514 Vulnerability Details CVEID: CVE-2019-9511 DESCRIPTION: Some HTTP/2 implementation...
FreeBSD : dovecot -- NULL pointer deref in notify with empty headers (b7dc4dde-2e48-43f9-967a-c68461537cf2)
Aki Tuomi reports Mail with group address as sender will cause a signal 11 crash in push notification drivers. Group address as recipient can cause crash in some drivers. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...
dovecot -- null pointer deref in notify with empty headers
Aki Tuomi reports Mail with group address as sender will cause a signal 11 crash in push notification drivers. Group address as recipient can cause crash in some drivers...
DEBIAN-CVE-2019-19269
An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL skX509REVOKEDvalue function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the...
DEBIAN-CVE-2011-4120
Yubico PAM Module before 2.10 performed user authentication when 'usefirstpass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and obtain access to the...
The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. This allows a malicious actor to download the updated embedded software with an empty file via FTP protocol, thereby causing a service failure.
The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. Exploiting this vulnerability allows a malicious actor to download the embedded software update with an empty file via FTP protocol, thereby causing service...
gitea -- multiple vulnerabilities
The Gitea Team reports: Hide credentials when submitting migration Never allow an empty password to validate Prevent redirect to Host Hide public repos owned by private orgs...
DEBIAN-CVE-2019-19037
ext4emptydir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4readdirblockinode,0,DIRENTHTREE can be zero...
UBUNTU-CVE-2019-19037
ext4emptydir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4readdirblockinode,0,DIRENTHTREE can be zero...
Linux kernel null pointer dereference vulnerability (CNVD-2019-42387)
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A null pointer dereference vulnerability exists in ext4emptydir in fs/ext4/namei.c in Linux kernel 5.3.12 and earlier...
BELL-CVE-2019-19072 CVE-2019-19072 does not affect BellSoft software
Bulletin has no description...
The vulnerability of the Ruby interpreter’s methods Dir.open, Dir.new, Dir.entries, and Dir.empty allows attackers to gain unauthorized access to protected data or compromise the integrity of protected information.
The vulnerability of the Dir.open, Dir.new, Dir.entries, and Dir.empty methods in the Ruby programming language exists due to incorrect path name restrictions for restricted-access directories. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected data or...
HTTP/2: flood using empty frames results in excessive resource consumption
A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...
EulerOS 2.0 SP5 : unzip (EulerOS-SA-2019-2234)
According to the versions of the unzip package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash or possibly execute...
Adobe ColdFusion RDS Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Adobe ColdFusion RDS Authentication Bypass', 'Description' = %q Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass...
openssh: scp client improper directory name validation
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side...
dovecot: Improper certificate validation
It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users...
Schneider Electric Modicon M580/M340/BMxCRA/140CRA Denial of Service Vulnerability (CNVD-2019-41496)
The Modicon M580/M340/BMxCRA/140CRA are programmable logic controllers from Schneider Electric. A denial of service vulnerability exists in the Schneider Electric Modicon M580/M340/BMxCRA/140CRA. An attacker can exploit this vulnerability to cause a denial of service by upgrading the controller...
Adobe ColdFusion RDS Authentication Bypass
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication using the RDS component. Due to default settings or misconfiguration, its password can be set to an empty value. This allows an attacker to create a session via the RDS login that can be carried over to th...
The vulnerability of the /etc/passwd file in Cisco Small Business router microprogramming devices series 250, 350, 350X, and 550X allows a hacker to elevate their privileges to the root level.
The vulnerability of the /etc/passwd file in Cisco Small Business routers of the 250, 350, 350X, and 550X series is related to the presence of empty password entries for the root and user accounts. Exploiting this vulnerability allows a remote attacker to elevate their privileges to the root leve...