Lucene search

9070 matches found

Prion
added 2020/02/13 7:15 p.m. | 16 views

Input validation

Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 4.6 | AI score 7.7 | EPSS 0.00406
Exploits: 0 | References: 3 | Affected Software: 3

OSV
added 2020/02/11 12:15 p.m. | 27 views

CVE-2020-5529

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavaScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is...

CVSS 8.1 | AI score 7.6
Exploits: 0 | References: 5

UbuntuCve
added 2020/02/11 12:15 p.m. | 29 views

CVE-2020-5529

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavaScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is...

CVSS 8.1 | AI score 7.3 | EPSS 0.04719
Exploits: 0 | References: 6

OSV
added 2020/02/11 12:15 p.m. | 6 views

UBUNTU-CVE-2020-5529

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavaScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is...

CVSS 8.1 | AI score 7.5 | EPSS 0.04719
Exploits: 0 | References: 7

Cvelist
added 2020/02/11 8:35 a.m. | 52 views

CVE-2020-5529

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavaScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is...

AI score 8.2 | EPSS 0.04719
Exploits: 0 | References: 5

Exploit DB
added 2020/02/10 12:0 a.m. | 175 views

usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init

usersctp is an SCTP library used by a variety of software including WebRTC. There is a vulnerability in the sctp_load_addresses_from_init function of usersctp that can lead to a number of out-of-bound reads. The input to sctp_load_addresses_from_init is verified by calling...

AI score 7.4
Exploits: 0

CNVD
added 2020/02/06 12:0 a.m. | 3 views

FreeBSD Kernel Stack Data Disclosure Vulnerability

FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A stack data disclosure vulnerability exists in the FreeBSD kernel. The vulnerability is due to incorrect initialization of stack data structures and can be exploited by an attacker to cause a user process to crash...

CVSS 3.3 | AI score 6.6 | EPSS 0.00289
Exploits: 0 | References: 1

UbuntuCve
added 2020/01/31 4:15 p.m. | 33 views

CVE-2014-4860

Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...

CVSS 7.2 | AI score 6.8 | EPSS 0.00504
Exploits: 0 | References: 2

CVE
added 2020/01/31 3:8 p.m. | 67 views

CVE-2014-4860

CVE-2014-4860 is an integer overflow vulnerability in the Pre-EFI Initialization (PEI) capsule update coalescing phase of the UEFI/EDK2 implementation. The issue arises when the capsule update is coalesced back to its original form, enabling a write-what-where condition and potential bypass of ac...

CVSS 7.2 | AI score 6.3 | EPSS 0.00504
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/01/31 3:8 p.m. | 34 views

CVE-2014-4860

Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...

AI score 6.5 | EPSS 0.00504
Exploits: 0 | References: 1

OSV
added 2020/01/30 10:2 a.m. | 4 views

SUSE-SU-2020:0262-1 Security update for glibc

This update for glibc fixes the following issues: Security issue fixed: - CVE-2019-19126: Fixed to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition (bsc#1157292). Bug fixes: - Fixed z15 s390x strstr implementation that can return incorrect...

CVSS 3.3 | AI score 5 | EPSS 0.00409
Exploits: 0 | References: 7

BDU FSTEC
added 2020/01/27 12:0 a.m. | 4 views

The vulnerability of the `serial_ir_init_module()` function (drivers/media/rc/serial_ir.c) in the Linux kernel allows an attacker to compromise the integrity, confidentiality, and accessibility of the protected information.

The vulnerability of the `serial_ir_init_module()` function (drivers/media/rc/serial_ir.c) in the Linux kernel is related to the use of memory after it has been freed. Exploiting this vulnerability could allow an attacker to compromise the integrity, confidentiality, and accessibility of the protected...

CVSS 7.8 | AI score 6.7 | EPSS 0.00378
Exploits: 0 | References: 14 | Affected Software: 2

Node.js
added 2020/01/23 5:28 p.m. | 16 views

Hardcoded Initialization Vector

Overview: All versions of parsel have a default hardcoded initialization vector. In cases where the IV is not provided, the package defaults to a hardcoded IV which renders the cipher vulnerable to chosen plaintext attacks. Recommendation: The package is deprecated and will not be updated. Consider...

AI score 6.8
Exploits: 0 | Affected Software: 1

OpenVAS
added 2020/01/23 12:0 a.m. | 30 views

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-1055)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 7.7 | EPSS 0.10911
Exploits: 1 | References: 2

OpenVAS
added 2020/01/23 12:0 a.m. | 30 views

Huawei EulerOS: Security Advisory for postgresql (EulerOS-SA-2017-1340)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.2 | AI score 6.4 | EPSS 0.00586
Exploits: 0 | References: 2

OpenVAS
added 2020/01/23 12:0 a.m. | 39 views

Huawei EulerOS: Security Advisory for postgresql (EulerOS-SA-2017-1341)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.2 | AI score 6.4 | EPSS 0.00586
Exploits: 0 | References: 2

OpenVAS
added 2020/01/23 12:0 a.m. | 24 views

Huawei EulerOS: Security Advisory for icu (EulerOS-SA-2019-2248)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 9.6 | EPSS 0.02068
Exploits: 0 | References: 2

OpenVAS
added 2020/01/23 12:0 a.m. | 28 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1479)

The remote host is missing an update for the Huawei EulerOS...

CVSS 10 | AI score 7.5 | EPSS 0.22475
Exploits: 29 | References: 4

Snyk
added 2020/01/22 8:37 a.m. | 2 views

Insecure Encryption

Overview: parsel is a library that allows you to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Insecure Encryption. In cases where an initialisation vector is not supplied to the encrypt or decrypt call in parsel.rb, the initialisation vector used b...

CVSS 7 | AI score 6.7
Exploits: 0 | References: 3

Snyk
added 2020/01/22 8:37 a.m. | 2 views

Insecure Encryption

Overview: parsel is a gem to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Insecure Encryption. In cases where an initialisation vector is not supplied to the encrypt or decrypt call in parsel.rb, the initialisation vector used by the library is set...

CVSS 7 | AI score 6.7
Exploits: 0 | References: 3