kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS

A flaw was found in the way the Intel Wireless driver in the Linux kernel handled resource cleanup during Gen 3 device initialization. This flaw allows an attacker with the ability to restrict access to DMA coherent memory on device initialization, to crash the system...

kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS

A flaw was found in the way the Intel Wireless driver in the Linux kernel handled resource cleanup during Gen 3 device initialization. This flaw allows an attacker with the ability to restrict access to DMA coherent memory on device initialization, to crash the system...

The vulnerability of Intel Server Platform Services’ microprogramming software lies in improper resource initialization, which allows attackers to increase their privileges or cause service failures.

The vulnerability of Intel Server Platform Services’ microprogramming software is related to incorrect resource initialization. Exploiting this vulnerability can allow attackers to enhance their privileges or cause service failures...

The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.

...

CVE-2020-3513

Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 RSP3 installed could allow an authenticated, local attacker with high privileges to execute...

The vulnerability of Intel Software Guard Extensions SDK, related to improper data initialization, allows attackers to enhance their privileges.

The vulnerability of Intel Software Guard Extensions SDK relates to incorrect data initialization. Exploiting this vulnerability can allow attackers to enhance their privileges...

The vulnerability of the Intel Graphics Driver lies in its improper initialization of data, which allows a hacker to trigger a service failure.

The vulnerability of the Intel Graphics Driver relates to improper data initialization. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of Intel microprogramming software, related to improper data initialization, allows attackers to exploit their privileges.

The vulnerability of Intel microprogramming software is related to incorrect data initialization. Exploiting this vulnerability can allow attackers to enhance their privileges...

PT-2020-20901 · Apple · Ios +1

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 14.0 iPadOS versions prior to 14.0 Description: A memory initialization issue was addressed with improved memory handling, allowing a local user to potentially read kernel memory. Recommendations: For iOS versions prior ...

CVE-2020-1472

A flaw was found in the Microsoft Windows Netlogon Remote Protocol MS-NRPC, where it reuses a known, static, zero-value initialization vector IV in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obta...

CVE-2020-1592

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...

Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63312)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. Microsoft Windows/Windows Server is vulnerable to an information disclosure vulnerability that originates...

SAP 3D Visual Enterprise Viewer U3D File Parsing 3difr Plugin Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

Microsoft Windows WebM Video Parsing Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

Low: Red Hat Security Advisory: cloud-init security update

An update for cloud-init is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...

PT-2020-3908 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: An information disclosure issue exists due to improper initialization of objects in memory by the Windows kernel. To exploit this, an authenticated attacker could run a specially crafted...

Hardcoded Initialization Vector in parsel

All versions of parsel have a default hardcoded initialization vector. In cases where the IV is not provided, the package defaults to a hardcoded IV which renders the cipher vulnerable to chosen plaintext attacks. Recommendation The package is deprecated and will not be updated. Consider using an...

USN-4488-1 xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04 vulnerabilities

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the input extension protocol. A local attacker could possibly use this issue to escalate privileges. CVE-2020-14346 Jan-Niklas Sohn discovered that the X.Org X Server incorrectly initialized memory. A local attacker could...

The vulnerability of the Fly-wm window manager, related to improper initialization of resources, allows attackers to cause service failure.

The vulnerability of the Fly-wm window manager is related to incorrect initialization of resources. Exploiting this vulnerability can allow attackers to cause service failures...