DEBIAN-CVE-2019-13990

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description...

UBUNTU-CVE-2018-20855

An issue was discovered in the Linux kernel before 4.18.7. In createqpcommon in drivers/infiniband/hw/mlx5/qp.c, mlx5ibcreateqpresp was never initialized, resulting in a leak of stack memory to userspace...

CVE-2019-5605

In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, due to insufficient initialization of memory copied to userland in the freebsd32ioctl interface, small amounts of kernel memory may be disclosed to userland processes. This may...

CVE-2019-5605

Removed by vendor...

Foxit PhantomPDF < 8.3.11 Multiple Vulnerabilities

According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 8.3.11. It is, therefore affected by multiple vulnerabilities: - An uninitialized pointer flaw exists when calling xfa.event.rest XFA JavaScript that can cause the...

UBUNTU-CVE-2019-10173

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON...

The vulnerability of the genrb file conversion tool, related to incorrect initialization, allows a hacker to cause a service failure.

The vulnerability of the genrb file transformation tool is related to incorrect initialization. Exploiting this vulnerability can allow an attacker to cause a service failure by entering a specially crafted sequence of data in the command line...

CVE-2019-12552

In SweetScape 010 Editor 9.0.1, an integer overflow during the initialization of variables could allow an attacker to cause a denial of service...

SUSE SLED15 / SLES15 Security Update : libgcrypt (SUSE-SU-2019:1859-1)

This update for libgcrypt fixes the following issues : Security issues fixed : CVE-2019-12904: The C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. The C implementation is used on platforms where an...

CVE-2019-13603

An issue was discovered in the HID Global DigitalPersona formerly Crossmatch U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. It has a statically coded initialization vector to encrypt a user's fingerprint image, resulting in weak encryption of that. This, in combinatio...

Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access Exploit

/ Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access For constructors, Spidermonkey implements a "definite property analysis" 1 to compute which properties will definitely exist on the constructed objects. Spidermonkey then directly allocates the constructed objects with the final...

Remote Desktop Protocol Client Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would...

The vulnerability of ABB’s HMI panels allows attackers to gain unauthorized access to protected information.

The vulnerability of the HMI control panel interfaces of ABB automation systems—ABB CP620 1SAP520100R0001, CP620 1SAP520100R4001, CP620-WEB 1SAP520200R0001, CP630 1SAP530100R0001, CP630-WEB 1SAP530200R0001CP, CP635 1SAP535100R0001, CP635 1SAP535100R5001, CP635-B 1SAP535100R2001, CP635-WEB...

GHSA-C9JJ-3WVG-Q65H Vulnerability that affects org.apache.pdfbox:pdfbox

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XFDF...

The vulnerability in the XNU kernel of iOS, Mac OS, and TV OS allows attackers to perform unauthorized changes to the memory shared among processes.

The vulnerability of the XNU-based operating systems such as iOS, Mac OS, and TV OS is related to errors in the memory initialization mechanism. Exploiting this vulnerability allows an attacker to perform unauthorized changes to the memory shared among processes, using specially crafted executabl...

EulerOS 2.0 SP5 : expat (EulerOS-SA-2019-1666)

According to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple integer overflows in the XMLGetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products,...

The vulnerability in the implementation of the ips_init_phase1 function in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability in the implementation of the ipsinitphase1 function, which is called from the ipsinsertdevice handler in the loaded module drivers/scsi/ips.ko of the Linux operating system, stems from a memory leak. Exploiting this vulnerability could allow an attacker to cause a system failure...

The vulnerability of the lnstat network statistics collection program, related to memory initialization errors, allows a hacker to cause a service failure.

The vulnerability of the lnstat network statistics collection program is related to memory initialization errors. Exploiting this vulnerability can allow an attacker to cause the program to terminate abnormally due to a SIGSEGV signal, caused by attempting to access memory at address 0 after...

The vulnerability of the sis5595_probe driver in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the sis5595probe handler in the loaded modules of drivers/hwmon/sis5595.ko in the Linux operating system arises due to the assignment of a null pointer. Exploiting this vulnerability can allow an attacker to cause a system failure by connecting a device that appears to be LM...

The vulnerability of the pitchmark tool in the Edinburgh Speech Tool Library allows a perpetrator to trigger a service failure.

The vulnerability of the pitchmark tool in the Edinburgh Speech Tool Library is related to initialization errors. Exploiting this vulnerability can allow attackers to cause service failures in applications by entering specially crafted data...