CVE-2020-0586

Improper initialization in subsystem for IntelR SPS versions before SPSE304.01.04.109.0 and SPSE304.08.04.070.0 may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access...

Input validation

Improper initialization in subsystem for IntelR SPS versions before SPSE304.01.04.109.0 and SPSE304.08.04.070.0 may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access...

CVE-2020-0586

Improper initialization in subsystem for IntelR SPS versions before SPSE304.01.04.109.0 and SPSE304.08.04.070.0 may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access...

CVE-2020-0586

CVE-2020-0586 affects Intel Server Platform Services (SPS) subsystems prior to SPS_E3_04.01.04.109.0 and SPS_E3_04.08.04.070.0. The root cause is improper initialization in SPS, which may allow a locally authenticated user to escalate privileges and/or cause a denial of service. Public sources (I...

Intel SPS Security Vulnerability

Intel Server Platform Services SPS is a server platform services program from Intel USA. A security vulnerability exists in Intel SPS versions prior to SPSE304.01.04.109.0 and SPSE304.08.04.070.0, which stems from the program not being properly initialized. A local attacker could exploit the...

CVE-2020-9833

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.5. A local user may be able to read kernel memory...

Memory corruption

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.5. A local user may be able to read kernel memory...

CVE-2020-9833

CVE-2020-9833 affects macOS via a memory initialization issue in kernel memory handling. The issue allows a local user to read kernel memory and is fixed in macOS Catalina 10.15.5. Affected components are kernel/memory handling paths referenced in multiple sources; remediation is applying the Cat...

Siemens SINUMERIK

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SINUMERIK Vulnerabilities: Buffer Underflow, Heap-based Buffer Overflow, Improper Initialization, Out-of-bounds Read, Stack-based Buffer Overflow, Access of Memory Location After...

LSN-0067-1: Kernel Live Patch Security Notice

It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information kernel memory. CVE-2020-11494...

CVE-2020-5408

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has...

CVE-2020-5408

CVE-2020-5408 (IBM) affects IBM Sterling Connect:Direct Web Services. A fixed null initialization vector in CBC mode for the queryable text encryptor may allow a dictionary attack to derive unencrypted values, exposing sensitive information. Remediation is via upgrading to supported fixes: IBM St...

DEBIAN-CVE-2020-12831

An issue was discovered in FRRouting FRR aka Free Range Routing through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some...

Solving Uninitialized Stack Memory on Windows

This blog post outlines the work that Microsoft is doing to eliminate uninitialized stack memory vulnerabilities from Windows and why we’re on this path. This blog post will be broken down into a few parts that folks can jump to: Uninitialized Memory Background Potential Solutions to Uninitialize...

The vulnerability of the Astra Linux Directory Service’s EPPT management system, related to improper data processing, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Astra Linux Directory Service Management System ALD is related to an initialization processing error. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data, compromise its integrity, and cause service failures...

The vulnerability of the FreeIPA server, related to improper access control, allows a perpetrator to compromise data integrity.

The vulnerability of the FreeIPA server is related to improper initialization. Exploiting this vulnerability could allow an attacker to compromise data integrity...

The vulnerability of the `sctp_load_addresses_from_init` function in the implementation of the USRCTP protocol, which supports multiple addresses, relates to reading beyond the buffer boundaries in memory. This allows a malicious actor to cause a service failure.

The vulnerability of the sctploadaddressesfrominit function in the implementation of the USCTCP protocol, which supports multiple addresses, is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVE-2019-11833

A flaw was found in the Linux kernel's implementation of ext4 extent management. The kernel doesn't correctly initialize memory regions in the extent tree block which may be exported to a local user to obtain sensitive information by reading empty/uninitialized data from the filesystem...

CVE-2020-5877

On BIG-IP 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, malformed input to the DATAGRAM::tcp iRules command within a FLOWINIT event may lead to a denial of service...

(Pwn2Own) Oracle VirtualBox OHCI Uninitialized Variable Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...