13 matches found
Astra Linux - уязвимость в freeipa
A flaw was discovered in all IPA versions ranging from 4.x.x to 4.8.0. When sending a very long password = 1,000,000 characters to the server, the password hashing process could exhaust memory and CPU resources, resulting in a denial of service and making the website unresponsive. The greatest...
CVE-2026-33297
WWBN AVideo is an open source video platform. Prior to version 26.0, the setPassword.json.php endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numer...
libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...
EUVD-2022-5668
Malicious code in bioql PyPI...
smb: client: Handle kstrdup failures for passwords
...
ipa: No password length restriction leads to denial of service
A flaw was found in IPA. When sending a very long password = 1,000,000 characters to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability...
CVE-2016-0762
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note...
Default configuration
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note...
SUSE-SU-2016:2555-1 Security update for openssh-openssl1
This update for openssh-openssl1 fixes the following issues: Security issues fixed: - CVE-2016-6210: Prevent user enumeration through the timing of password processing bsc989363 - CVE-2016-6515: limit accepted password length prevents possible DoS bsc992533 - CVE-2016-3115: Sanitise input for...
SUSE SLES11 Security Update : openssh (SUSE-SU-2016:2388-1)
This update for OpenSSH fixes the following issues : - Prevent user enumeration through the timing of password processing. bsc989363, CVE-2016-6210 - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used. bsc948902 - Sanitize input for xauth1. bsc97063...
UBUNTU-CVE-2015-8927
The tradencdecryptupdate function in archivereadsupportformatzip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service out-of-bounds heap read and crash via a crafted zip file, related to reading the password...
SUSE SLES11 Security Update : openssh (SUSE-SU-2016:2281-1)
This update for openssh fixes the following issues : - CVE-2016-6210: Prevent user enumeration through the timing of password processing bsc989363 -preventtiminguserenumeration - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used bsc948902 -...
MySQL buffer overflow
Buffer overflow on processing users password table...