4654 matches found

Veracode
added 2017/05/03 4:49 a.m. · 7 views

Denial Of Service (DoS)

github.com/grpc/grpc-go is vulnerable to denial of service (DoS) attacks. A malicious user can send an empty hpack string to the system and cause it to crash...

6.4 AI score
Exploits 0
Hacker One
added 2017/04/25 12:25 a.m. · 64 views

Weblate: Null Password - Setting a new password doesn't check for empty spaces

Hi Again! As seen your website at https://demo.weblate.org/accounts/password/ Your password can't be too similar to your other personal information. Your password must contain at least 6 characters. Your password can't be a commonly used password. Your password can't be entirely numeric. I found...

7.2 AI score
Exploits 0
RedHat Linux
added 2017/04/21 12:49 a.m. · 4 views

libevent: Out-of-bounds read in search_make_new()

An out of bounds read vulnerability was found in libevent in the search_make_new function. If an attacker could cause an application using libevent to attempt resolving an empty hostname, an out of bounds read could occur possibly leading to a crash...

7.5 CVSS · 7.3 AI score · 0.05192 EPSS
Exploits 1 · References 4
RedHat Linux
added 2017/04/20 8:21 a.m. · 2 views

libevent: Out-of-bounds read in search_make_new()

An out of bounds read vulnerability was found in libevent in the search_make_new function. If an attacker could cause an application using libevent to attempt resolving an empty hostname, an out of bounds read could occur possibly leading to a crash...

7.5 CVSS · 7.3 AI score · 0.05192 EPSS
Exploits 1 · References 4
BDU FSTEC
added 2017/04/20 12:0 a.m. · 4 views

The vulnerability of the iOS operating system and the Mac OS X operating system allows attackers to circumvent existing access restrictions.

The vulnerability of the Security component in the iOS operating system and the Mac OS X operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to circumvent existing access restrictions by successfully calling the SecKeyRawVerify API...

7.5 CVSS · 7.7 AI score · 0.01746 EPSS
Exploits 0 · References 4 · Affected Software 2
Cvelist
added 2017/04/16 2:45 p.m. · 26 views

CVE-2017-7615

MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php...

8.9 AI score · 0.90752 EPSS
Exploits 10 · References 6
Positive Technologies
added 2017/04/16 12:0 a.m. · 3 views

PT-2017-17844 · Mantisbt · Mantisbt

Name of the Vulnerable Software and Affected Versions: MantisBT versions prior to 2.3.1 Description: The issue allows for arbitrary password reset and unauthenticated admin access. This is achieved by providing an empty confirm hash value to the "verify.php" endpoint. Recommendations: For version...

8.8 CVSS · 8.8 AI score · 0.90752 EPSS
Exploits 10 · References 13
RedHat Linux
added 2017/04/12 1:29 p.m. · 3 views

kernel: Off-by-one error in selinux_setprocattr (/proc/self/attr/fscreate)

A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory...

5.5 CVSS · 7.1 AI score · 0.00459 EPSS
Exploits 0 · References 4
RedHat Linux
added 2017/04/12 10:51 a.m. · 0 views

kernel: Off-by-one error in selinux_setprocattr (/proc/self/attr/fscreate)

A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory...

5.5 CVSS · 7.1 AI score · 0.00459 EPSS
Exploits 0 · References 4
Positive Technologies
added 2017/04/05 12:0 a.m. · 3 views

PT-2017-10685 · Nextcloud · Nextcloud Server

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 9.0.55 Nextcloud Server versions prior to 10.0.2 Description: The issue allows an authenticated adversary to create empty folders inside a shared folder, despite lacking the necessary permissions, due to a...

4.3 CVSS · 5.2 AI score · 0.00666 EPSS
Exploits 0 · References 5
OSV
added 2017/04/03 2:59 p.m. · 1 views

UBUNTU-CVE-2017-7401

Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance configured with "SecurityLevel None" and with empty "AuthFile" options via a crafted UDP...

7.5 CVSS · 6.9 AI score · 0.03997 EPSS
Exploits 0 · References 3
OSV
added 2017/04/03 2:59 p.m. · 2 views

ALPINE-CVE-2017-7401

Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance configured with "SecurityLevel None" and with empty "AuthFile" options via a crafted UDP...

7.5 CVSS · 6.7 AI score · 0.03997 EPSS
Exploits 0 · References 1
OSV
added 2017/04/02 1:59 a.m. · 1 views

CVE-2017-2423

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended access restrictions by leveraging a successful result from a SecKeyRawVerify API call with a...

9.8 CVSS · 7.3 AI score · 0.01746 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2017/03/31 12:0 a.m. · 85 views

Mac OS X 10.x < 10.12.4 Multiple Vulnerabilities

Binary data 700032.prm...

9.8 CVSS · 6.7 AI score · 0.06296 EPSS
Exploits 28 · References 64
PyPA
added 2017/03/27 5:59 p.m. · 8 views

PYSEC-2017-8

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size...

7.5 CVSS · 6.9 AI score · 0.03399 EPSS
Exploits 0 · References 10 · Affected Software 1
OSV
added 2017/03/27 5:59 p.m. · 3 views

PYSEC-2017-8

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size...

7.5 CVSS · 5.9 AI score · 0.03399 EPSS
Exploits 0 · References 10
OSV
added 2017/03/27 5:59 p.m. · 16 views

CVE-2016-9243

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size...

7.5 CVSS · 7.5 AI score
Exploits 0 · References 9
NVD
added 2017/03/27 5:59 p.m. · 11 views

CVE-2016-9243

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size...

7.5 CVSS · 7.4 AI score · 0.03399 EPSS
Exploits 0 · References 9
Cvelist
added 2017/03/27 5:0 p.m. · 23 views

CVE-2016-9243

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size...

7.3 AI score · 0.03399 EPSS
Exploits 0 · References 9
Prion
added 2017/03/24 3:59 p.m. · 13 views

Null pointer dereference

The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line...

5 CVSS · 7 AI score · 0.03606 EPSS
Exploits 0 · References 9 · Affected Software 1