9102 matches found
PT-2023-16716 · Techpowerup · Techpowerup Realtemp
Name of the Vulnerable Software and Affected Versions: TechPowerUp RealTemp version 3.7.0.0 Description: A critical vulnerability was found in the library WinRing0x64.sys, leading to improper initialization. The attack must be approached locally. The exploit has been disclosed to the public and m...
Code injection in pdf_info
pdfinfo 0.5.3 is vulnerable to Command Execution. An attacker using a specially crafted payload may execute OS commands by using command chaining because during object initalization there is no validation performed and the user provided path is used...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection such that an attacker using a specially crafted payload may execute OS commands by using command chaining because during object initalization, there is no validation performed and the user provided path is used...
Code injection in pdf_info
pdfinfo 0.5.3 is vulnerable to Command Execution. An attacker using a specially crafted payload may execute OS commands by using command chaining because during object initalization there is no validation performed and the user provided path is used...
cloud-init bug fix and enhancement update
An update is available for cloud-init. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The cloud-init packages provide a set of init scripts for cloud instances...
K25511825: Linux kernel vulnerabilities CVE-2021-3564, CVE-2021-3573, and CVE-2021-3752
Security Advisory Description CVE-2021-3564 A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kerne...
K57201259: Intel SGX vulnerabilities CVE-2019-14565, CVE-2019-14566
Security Advisory Description CVE-2019-14565 Insufficient initialization in IntelR SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via...
K61095244: Intel software vulnerabilities CVE-2020-8705, CVE-2020-8744, CVE-2020-8745, CVE-2020-8756
Security Advisory Description CVE-2020-8705 Insecure default initialization of resource in IntelR Boot Guard in IntelR CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, IntelR TXE versions before 3.1.80 and 4.0.30, IntelR SPS versions before...
K70938105: Expat XML library vulnerability CVE-2016-5300
Security Advisory Description The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete...
K44691188: Intel TXE / SPS vulnerabilities CVE-2020-0566, CVE-2020-0586
Security Advisory Description CVE-2020-0566 Improper Access Control in subsystem for IntelR TXE versions before 3.175 and 4.0.25 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVE-2020-0586 Improper initialization in subsystem for IntelR SPS...
K72225092: Linux kernel vulnerability CVE-2015-8746
Security Advisory Description fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service NULL pointer dereference and panic via crafted network traffic...
K37510383: Linux kernel SCTP vulnerability CVE-2015-5283
Security Advisory Description The sctpinit function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service panic or memory corruption by creating SCTP sockets before all of the steps...
The vulnerability in the implementation of the SNP_INIT command during the loading of microprogramming software for AMD processors allows a attacker to influence the integrity of the protected information.
The vulnerability of the SNPINIT implementation in the loading of microprogramming software for AMD processors is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to influence the integrity of the protected information...
User data in TPM attestation vulnerable to MITM
Impact Attestation user data such as the digest of the public key in an aTLS connection was bound to the issuer's TPM, but not to its PCR state. An attacker could intercept a node initialization, initialize the node themselves, and then impersonate an uninitialized node to the validator. In...
GHSA-R2H5-3HGW-8J34 User data in TPM attestation vulnerable to MITM
Impact Attestation user data such as the digest of the public key in an aTLS connection was bound to the issuer's TPM, but not to its PCR state. An attacker could intercept a node initialization, initialize the node themselves, and then impersonate an uninitialized node to the validator. In...
CVE-2022-34153
Improper initialization in the IntelR Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2022-34153
Improper initialization in the IntelR Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access...
Input validation
Improper initialization in the IntelR Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access...
Input validation
Improper initialization in the IntelR TXT SINIT ACM for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access...
CVE-2022-30704
The CVE-2022-30704 issue relates to improper initialization in the Intel TXT SINIT ACM for certain Intel processors. The underlying effect is a potential privilege escalation via local access by a privileged user. Documents specify the affected component as the Intel TXT SINIT ACM within BIOS/fir...