The vulnerability of the Wireshark Network Protocol Analyzer software allows a remote attacker to compromise the availability of protected information.
A vulnerability exists in the SnifferDecompress function in the wireshark/Wireshark DOS sniffer processing module, located in the wiretap/ngsniffer.c file. This vulnerability arises due to improper handling of empty input data. Exploiting this vulnerability allows malicious individuals operating...
The vulnerability of the Wireshark Network Protocol Analyzer software allows a remote attacker to compromise the availability of protected information.
A vulnerability exists in the dissect_hip_tlv function in the epan/dissectors/packet-hip.c file of the HIP dissector in Wireshark, due to incorrect handling of an empty tree structure. Exploiting this vulnerability allows malicious individuals operating remotely to cause a service failure lockup by...
crash: mon_command crashes ceph monitors on receiving empty prefix
A flaw was found in the way the handle_command function would validate the prefix value from the user. An authenticated attacker could send a specially crafted prefix value, resulting in a ceph monitor crash...
Route Validation Bypass
Overview: Affected versions of call do not validate empty parameters, which may result in a bypass of route validation rules. Proof of Concept: Routing Scheme: /api/param/param2/details; Triggering Request Path: /api/// Recommendation: Update to version 3.0.2 or later. References: Issue 3228 - GitHu...
Debian DSA-3613-1 : libvirt - security update
Vivian Zhang and Christoph Anton Mitterer discovered that setting an empty VNC password does not work as documented in Libvirt, a virtualisation abstraction library. When the password on a VNC server is set to the empty string, authentication on the VNC server will be disabled, allowing any user ...
PT-2016-6216 · Red Hat +4 · Libvirt +5
Name of the Vulnerable Software and Affected Versions: libvirt versions prior to 2.0.0 Description: The issue allows remote attackers to bypass authentication and establish a VNC session by connecting to the server when the password on a VNC server is set to an empty string. Recommendations: For...
Debian: Security Advisory (DSA-3613-1)
The remote host is missing an update for the Debian...
MileSight camera multiple built-in default account vulnerabilities
MileSight camera is a network camera produced by Xiamen PulseVision Digital Technology Co. MileSight camera has multiple built-in default account vulnerabilities. The default configuration of the MileSight camera device has three authenticated accounts and seven unauthenticated accounts. If the...
CVE-2015-8899
Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally...
DEBIAN-CVE-2015-8899
Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally...
DVR surveillance empty token
No description provided by source...
SUSE-SU-2016:1528-1 Security update for openssh
openssh was updated to fix three security issues. These security issues were fixed: - CVE-2016-3115: Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH allowed remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to...
pcre: stack overflow caused by mishandled group empty match (8.38/11)
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^?:?1\.|^\\W?++$/...
CVE-2014-9767
Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive...
CVE-2016-0381
IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin AdminGroups setting is empty, allows remote authenticated users to cause a denial of service (configuration outage) via a non-empty value...
UBUNTU-CVE-2015-5726
The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data...
CVE-2016-2403: Unauthorized access on a misconfigured LDAP server when using an empty password
More info at https://symfony.com/cve-2016-2403...