4754 matches found
CVE-2014-3970
The partprecv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service assertion failure and abort via an empty UDP packet...
CVE-2014-3836
Multiple cross-site request forgery CSRF vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that 1 conduct cross-site scripting XSS attacks, 2 modify files, or 3 rename files via unspecified vectors...
CVE-2013-2124
Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service crash via empty guest files...
DEBIAN-CVE-2013-2124
Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service crash via empty guest files...
Double free
Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service crash via empty guest files...
UBUNTU-CVE-2013-2124
Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service crash via empty guest files...
jdmail 弱密码漏洞
JinDiMail邮箱系统是TurboMail基础上二次开发安装后 默认会有4个root域的账号,管理员及三个普通账号:postmaster管理员nobodysecbmsecsj默认密码为空漏洞利用过程http://xxx.com/mailmain?type=login&uid=secbm&pwd=&domain=root&style=enterprisehttp://xxx.com/mailmain?type=login&uid=...
RSA NetWitness / RSA Security Analytics authentication bypass
Under some conditions, login with empty password is allowed...
DEBIAN-CVE-2014-2285
The perltrapdhandler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service snmptrapd crash via an empty community string in an SNMP trap, which triggers a NULL pointer dereference...
wireshark: SIP dissector could go into an infinite loop (wnpa-sec-2013-66)
The dissectsipcommon function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service infinite loop via a crafted packet...
net-snmp: snmptrapd crash when using a trap with empty community string
The perltrapdhandler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service snmptrapd crash via an empty community string in an SNMP trap, which triggers a NULL pointer dereference...
CVE-2014-2057
Multiple cross-site scripting XSS vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-2150
Multiple cross-site scripting XSS vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files...
MGASA-2014-0122 Updated net-snmp packages fix two vulnerabilities
Updated net-snmp packages fix security vulnerabilities: Remotely exploitable denial of service vulnerability in Net-SNMP, in the Linux implementation of the ICMP-MIB, making the SNMP agent vulnerable if it is making use of the ICMP-MIB table objects CVE-2014-2284. Remotely exploitable denial of...
Silex USB Device Server Web Configuration Page Empty Password
The Web Configuration Page of the remote Silex USB Device Server uses an empty password to manage the device. Knowing this, an attacker with access to the web server can gain administrative access to the device. Note that the device's Web Configuration Page uses host-based authentication. If a...
Fedora 20 : libpng10-1.0.60-6.fc20 (2014-1778)
This update fixes an issue in which an image with a missing or empty palette could cause a crash of a libpng10-using application CVE-2013-6954. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
DEBIAN-CVE-2014-0979
The startauthentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdmgreetergetauthenticationuser function, which allows local users to cause a denial of service NULL pointer dereference via an empty username...
UBUNTU-CVE-2014-0979
The startauthentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdmgreetergetauthenticationuser function, which allows local users to cause a denial of service NULL pointer dereference via an empty username...
CVE-2014-0979
The startauthentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdmgreetergetauthenticationuser function, which allows local users to cause a denial of service NULL pointer dereference via an empty username...
libpng 1.6.1 through 1.6.7 contain a null-pointer dereference vulnerability
Overview libpng versions 1.6.1 through 1.6.7 fail to reject colormapped images with empty palettes, leading to a null-pointer dereference crash in pngdoexpandpalette. Description The PNG Development Group has reported that "libpng versions 1.6.1 through 1.6.7 fail to reject colormapped images wit...