Intel INTEL-SA-00463 安全漏洞

Intel INTEL-SA-00463 is the BIOS firmware for Intel® processors from Intel Corporation USA. A security vulnerability exists in INTEL-SA-00463, which stems from an improper initialization of the processor's firmware could allow a privileged user to enable privileged escalation via local access...

OpenText Brava! Desktop IGS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

PT-2024-11170 · Linux +7 · Linux Kernel +7

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.13-rc3 Description: The vulnerability is related to the initialization of cad pid in the Linux kernel. During boot, kernel init freeable initializes cad pid to the init task's struct pid. Later, when cad pid i...

UVI-2021-1000578 net: hns3: put off calling register_netdev() until client initialize complete

net: hns3: put off calling registernetdev until client initialize complete This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.42 by commit...

GSD-2021-1000532 net: hns3: put off calling register_netdev() until client initialize complete

net: hns3: put off calling registernetdev until client initialize complete This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.9 by commit...

PT-2024-11278 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the initialization of the usb2 PHY glue in the Linux kernel when only PHY1 is used, such as on the Odroid-HC4 device. The regmap init code uses the usb2 ports...

EulerOS 2.0 SP9 : grub2 (EulerOS-SA-2021-1948)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to...

OPENSUSE-SU-2021:0799-1 Security update for libu2f-host

This update for libu2f-host fixes the following issues: This update ships the u2f-host package jscECO-3687 bsc1184648 Version 1.1.10 released 2019-05-15 - Add new devices to udev rules. - Fix a potentially uninitialized buffer CVE-2019-9578, bsc1128140 Version 1.1.9 released 2019-03-06 - Fix CID...

Conviction scoring fails to initialize and bootstrap

Handle 0xRajeev Vulnerability details Impact Conviction scores for new addresses/users fail to initialize+bootstrap in ERC20ConvictionScore’s updateConvictionScore because a new user’s numCheckpoints will be zero and never gets initialized. This effectively means that FairSide conviction scoring...

MetInfo 路径遍历漏洞

MetInfo adopts PHP+Mysql architecture, it is a cms building system which is very friendly to SEO, fully functional, supports multi-language, responsive display, and extremely suitable for enterprise and company website construction. A file modification vulnerability exists in MetInfo 7.0 beta. An...

PT-2021-10553 · Metinfo · Metinfo

Name of the Vulnerable Software and Affected Versions: MetInfo version 7.0 beta Description: The issue allows attackers to delete and modify ini files in specific locations, including app/system/language/admin/language general.class.php and app/system/include/function/file.func.php...

CVE-2020-27208

The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface...

CVE-2020-27208

The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface...

Design/Logic Flaw

The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface...

CVE-2020-27208

The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface...

CVE-2020-27208

The CVE-2020-27208 issue affects SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token, where the flash read-out protection (RDP) level is not enforced during device initialization, enabling an attacker with physical access to downgrade RDP and read secrets (e.g., private ECC keys) from SRAM vi...

DoraCMS 加密问题漏洞

DoraCMS is based on Nodejs+eggjs+mongodb written a content management system . An encryption issue vulnerability exists in DoraCMS 2.1.1 and earlier versions. The vulnerability arises because the program does not use AES-CBC encryption with random salts or IVs, which makes user-encrypted password...

kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process...

samba: Netlogon elevation of privilege vulnerability (Zerologon)

A flaw was found in the Microsoft Windows Netlogon Remote Protocol MS-NRPC, where it reuses a known, static, zero-value initialization vector IV in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obta...

webkitgtk: Memory initialization issue possibly leading to memory disclosure

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory...