4721 matches found
Jupyter Notebook Open Redirect Vulnerability
Jupyter Notebook is an open source web application that lets you create and share documents containing live code, equations, visualizations, and narrative text. An open redirection vulnerability exists in Jupyter Notebook versions prior to 5.7.8. An attacker can exploit this vulnerability via emp...
Open redirect
In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255...
PYSEC-2019-158
In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255...
PYSEC-2019-158
In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255...
The vulnerability of the imap_mail function in the PHP programming language allows a hacker to cause a service failure.
The vulnerability of the imapmail function in the PHP programming language is related to errors in handling empty strings in message arguments. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
PT-2019-12060 · Project Jupyter +2 · Jupyter Notebook +2
Name of the Vulnerable Software and Affected Versions: Jupyter Notebook versions prior to 5.7.8 Description: The issue is related to an open redirect that can occur due to an empty netloc. This problem exists because of an incomplete fix for a previously identified issue. Recommendations: For...
PT-2019-1107 · Libyang · Libyang
Name of the Vulnerable Software and Affected Versions: libyang versions prior to v1.0-r1 Description: A double-free issue is present in the yyparse function when an empty description is used, potentially causing a crash or code execution. This issue affects applications that use libyang to parse...
ALPINE-CVE-2018-12551
When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent...
ALPINE-CVE-2018-12550
When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty...
UBUNTU-CVE-2018-12550
When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty...
DEBIAN-CVE-2018-12550
When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty...
DEBIAN-CVE-2018-12551
When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent...
DEBIAN-CVE-2019-3814
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users...
ALPINE-CVE-2019-3814
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users...
PT-2019-5775 · Influxdata +3 · Influxdb +3
Name of the Vulnerable Software and Affected Versions: InfluxDB versions prior to 1.7.6 Description: The issue is related to an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go due to a JWT token having an empty SharedSecret. This allows a remote...
ALPINE-CVE-2019-3860
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...
DEBIAN-CVE-2019-3860
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...
UBUNTU-CVE-2019-3860
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...
The vulnerability of the atol8 function in the libarchive library, which allows a hacker to cause a service failure
The vulnerability of the atol8 function archivereadsupportformatxar.c in the libarchive library is related to errors in processing empty strings, which can lead to buffer overflows. Exploiting this vulnerability could allow a malicious actor to cause service failures...
Data Leakage
ansible is vulnerable to data leakage. The vulnerability is possible because it does not properly handle empty strings passed to rsyncopts, which results in the revealing of the current working directory information...