9070 matches found
CVE-2018-18979
The CVE-2018-18979 entry documents a vulnerability in the Ascensia Contour NEXT ONE Android app (pre-2019-01-15) caused by a statically coded initialization vector in the app’s crypto. This enables extraction of the IV to decipher communications with the backend server. When combined with another...
[SECURITY] Fedora 29 Update: pacemaker-2.0.0-5.fc29
Pacemaker is an advanced, scalable High-Availability cluster resource manager. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when related resources fail and can be...
Stack Overflow Vulnerability in CenturyStar WebViewer.ocx Control Fl*** Initialization Parameters
Century Star Configuration Software is an obstruction software launched by Beijing Century Changqiu Technology Co., Ltd. It is a real-time human-machine interface utility program generator, which consists of CSMaker development system and CSViewer operation system. A stack overflow vulnerability...
CenturyStar WebViewer.ocx Control Da*** and Other Initialization Parameters Global Variable Overflow Vulnerability
Century Star Configuration Software is an obstruction software launched by Beijing Century Changqiu Technology Co., Ltd. It is a real-time human-machine interface utility program generator, which consists of CSMaker development system and CSViewer operation system. An overflow vulnerability exist...
Denial Of Service (DoS)
Apache httpd is vulnerable to denial of service attacks. The modauthdigest component does not properly initialize memory used to process 'Digest' type HTTP Authorization headers allowing a remote attacker to send a specially crafted request to view potentially sensitive information from the...
Information Disclosure
kernel-rt is vulnerable to information disclosure. The vulnerability exists as the net/dcb/dcbnl.c does not initialize certain structures...
Information Disclosure
kernel-rt is vulnerable to information disclosure. The vulnerability exists as the btsockrecvmsg function in net/bluetooth/afbluetooth..c does not initialize a certain length variable...
Information Disclosure
kernel-rt is vulnerable to information disclosure. The vulnerability exists as the rfcommsockrecvmsg function in net/bluetooth/rfcomm/sock.c does not initialize a certain length variable...
The vulnerability of the DHCPv6 input processor in the Cisco Prime Network Registrar software, which manages network services, allows a attacker to trigger a service failure.
The vulnerability of the DHCPv6 input processor in the Cisco Prime Network Registrar network service management software is related to improper initialization. Exploiting this vulnerability can allow a malicious actor to cause service failure by sending corrupted DHCPv6 packets remotely...
CVE-2019-0228
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XFDF...
Microsoft Windows EMF File Uninitialized Pointer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling o...
Microsoft Windows EMF File Uninitialized Pointer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling o...
The vulnerability of the Hot Standby Router Protocol component in Cisco IOS XE and Cisco IOS operating systems allows attackers to compromise the confidentiality of protected information.
The vulnerability of the Hot Standby Router Protocol HSRP component in Cisco IOS XE and Cisco IOS operating systems is related to incorrect initialization of resources. Exploiting this vulnerability can allow attackers to disclose sensitive information that is protected by security measures...
kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members
A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group an...
CVE-2019-0782
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0775...
Information disclosure
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from...
Cisco IOS Software Hot Standby Router Protocol Information Leak Vulnerability
According to its self-reported version, Cisco IOS Software is affected by following vulnerability - A vulnerability in the Hot Standby Router Protocol HSRP subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information fro...
CVE-2018-4431
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2...
CVE-2018-4421
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1...
CVE-2018-4413
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1...