USN-3336-1 nss vulnerability

It was discovered that NSS incorrectly handled certain empty SSLv2 messages. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service...

nss: Null pointer dereference when handling empty SSLv2 messages

A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library...

Foscam camera FTP Server Account Empty Password Vulnerability

Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly through WIFI. Foscam camera FTP server has an account empty password vulnerability, due to the user account of the built-in FTP server is empty password. Attackers can then access the...

Foscam camera FTP server account hard-coded password vulnerability

Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly through WIFI. Foscam camera FTP server account has a hard-coded password vulnerability due to the built-in FTP user password being hard-coded and empty. An attacker can exploit the...

Authentication flaw

MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service...

CVE-2014-8180

The CVE concerns MongoDB within Red Hat Satellite 6. Affected component: MongoDB used by Satellite 6. Issue: local users can bypass authentication by logging in with an empty password, potentially deleting information and causing a Denial of Service. Root cause: authentication bypass in the Mongo...

BELL-CVE-2017-9060 CVE-2017-9060 does not affect BellSoft software

Bulletin has no description...

nss: Null pointer dereference when handling empty SSLv2 messages

A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library...

nss: Null pointer dereference when handling empty SSLv2 messages

A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library...

PT-2017-17775 · Mozilla +4 · Network Security Services +4

Name of the Vulnerable Software and Affected Versions: Network Security Services NSS versions 3.24.0 and later Description: A null pointer dereference issue was discovered in NSS when the server receives empty SSLv2 messages, potentially leading to a denial of service by a remote attacker...

CVE-2014-0097

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password...

kernel: Oops in shash_async_export()

A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shashasyncexport by attempting to force the in-kernel hashing algorithms into decrypting an empty data set...

kernel: Oops in shash_async_export()

A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shashasyncexport by attempting to force the in-kernel hashing algorithms into decrypting an empty data set...

kernel: Oops in shash_async_export()

A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shashasyncexport by attempting to force the in-kernel hashing algorithms into decrypting an empty data set...

collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions

collectd contains an infinite loop due to how the parsepacket and parsepartsignsha256 functions interact. If an instance of collectd is configured with "SecurityLevel None" and empty "AuthFile" options, an attacker can send crafted UDP packets that trigger the infinite loop, causing a denial of...

UBUNTU-CVE-2017-9217

systemd-resolved through 233 allows remote attackers to cause a denial of service daemon crash via a crafted DNS response with an empty question section...

PT-2017-18793 · Systemd +2 · Systemd-Resolved +2

Name of the Vulnerable Software and Affected Versions: systemd-resolved versions through 233 Description: The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, via a crafted DNS response with an empty question section. Recommendations: For versions through...

CVE-2017-9090

reg.php in Allen Disk 1.6 doesn't check if isset$SESSION'captcha''code'==1, which makes it possible to bypass the CAPTCHA via an empty $POST'captcha'...

jasper: NULL pointer dereference in jpc_tsfb_synthesize()

The jpctsfbsynthesize function in jpctsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service NULL pointer dereference via vectors involving an empty sequence...

libevent: Out-of-bounds read in search_make_new()

An out of bounds read vulnerability was found in libevent in the searchmakenew function. If an attacker could cause an application using libevent to attempt resolving an empty hostname, an out of bounds read could occur possibly leading to a crash...