Intel Ethernet I210 Controller 安全漏洞

The Intel Ethernet I210 Controller is a hardware device from Intel Corporation USA. Providing a complete network protocol stack provides the basis for enabling small groups of computers in the same LAN as well as WANs connected via routing protocols. A security vulnerability exists in the Intel...

Fuji Electric V-Server Lite VPR File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Record::read : Custom `Read` on uninitialized buffer may cause UB

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Record::read Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized...

RUSTSEC-2021-0014 Record::read : Custom `Read` on uninitialized buffer may cause UB

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Record::read Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized...

SUSE SLES15 Security Update : stunnel (SUSE-SU-2021:0194-1)

This update for stunnel fixes the following issues : Security issue fixed : The 'redirect' option was fixed to properly handle 'verifyChain = yes' bsc1177580. Non-security issues fixed : Fix startup problem of the stunnel daemon bsc1178533 update to 5.57 : - Security bugfixes - New features - New...

Exploit for Improper Initialization in Apple Ipados

This is a PoC exploit for CVE-2020-27950, a vulnerability in the macOS kernel that allows for a port pointer leak. The exploit targets the macOS kernel and leverages a vulnerability in the kalloc.1024 buffer to allocate a controlled buffer with a magic value. The exploit then creates an ipckmsg...

PT-2021-7753 · Linux +8 · Linux Kernel +8

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability was found in the fs/inode.c:inode init owner function logic of the Linux kernel. This issue allows local users to create files for the XFS file-system with unintended...

VulnCheck KEV: CVE-2018-8514

An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes objects in memory, aka "Remote Procedure Call runtime Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server...

The vulnerability of the init process of the loginctl subsystem of Systemd, related to security configuration errors, allows a perpetrator to access confidential data.

The vulnerability of the loginctl process in the initialization and service management subsystem of Systemd is related to security configuration errors. Exploiting this vulnerability can allow an attacker to access confidential data...

Reading uninitialized memory can cause UB (`Deserializer::read_vec`)

Deserializer::readvec created an uninitialized buffer and passes it to a user-provided Read implementation Deserializer.reader.readexact. Passing an uninitialized buffer to an arbitrary Read implementation is currently defined as undefined behavior in Rust. Official documentation for the Read tra...

UBUNTU-CVE-2020-35508

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process...

Linux: Read /etc/inetd.* and /etc/xinetd.* files

xinetd performs the same function as inetd: it starts programs that provide Internet services. Instead of having such servers started at system initialization time, and be dormant until a connection request arrives, xinetd is the only daemon process started and it listens on all service ports for...

Mersive Solstice Pod Security Vulnerability

Mersive Solstice Pod is a software application for conference screen sharing from Mersive USA. A security vulnerability exists in Solstice Pod versions prior to 3.3.0 or Open4.3, which stems from the ability to enumerate administrator passwords using a brute force attack via the configuration...

Unspecified Vulnerability in Phoenix Contact mGuard Devices

Phoenix Contact Mguard is a firewall device for industrial environments from Phoenix Contac. The device features multiple protection modes, deep packet inspection, malware and virus detection. A security vulnerability exists in Phoenix Contact mGuard Devices, which stems from the fact that for...

Odoo 输入验证错误漏洞

Odoo is an open source enterprise management suite , its features cover CRM, sales, purchasing, inventory management , manufacturing , quality management , HR full-featured , financial management , project management , PLM and a series of perfect enterprise information needs . An input validation...

The vulnerability of the initialization and service management subsystem in Linux’s systemd lies in the fact that resources are not released after their useful period has ended. This allows a malicious actor to trigger a service failure.

The vulnerability of the initialization and service management subsystems in Linux’s systemd relates to the failure to release resources after their useful lifespan has ended. Exploiting this vulnerability can allow an attacker to cause service failures...

CVE-2020-12523

On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports g...

CVE-2020-12523 Phoenix Contact mGuard Devices versions before 8.8.3: LAN ports get functional after reboot even if they are disabled in the device configuration

On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports g...

CVE-2020-12523

Affected product: Phoenix Contact mGuard Devices (versions before 8.8.3) with LAN ports or an integrated LAN switch. Root cause: On reboot, the device exhibits Missing Initialization of Resource, causing LAN ports that were disabled by configuration to become functional again. In devices with an ...

Phoenix Contact mGuard Devices 安全漏洞

Phoenix Contact Mguard is a firewall device for industrial environments from Phoenix Contac. The device features multiple protection modes, deep packet inspection, malware and virus detection. A security vulnerability exists in Phoenix Contact mGuard Devices, which stems from the fact that for...