9063 matches found

Lenovo
added 2017/10/24 12:0 a.m. | 59 views

Secure BIOS/UEFI Set-up Incomplete in Lenovo E95 and ThinkCentre M710s/M710t - us

Lenovo Security Advisory: LEN-17417 Potential Impact: Unauthorized bootloader allowed to run during system boot, reducing protection against rootkits Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2017-3771 Summary Description: System boot process is not adequately secured...

CVSS 5 | AI score 7.5 | EPSS 0.00822
Exploits: 0
Lenovo
added 2017/10/24 12:0 a.m. | 14 views

Secure BIOS/UEFI Set-up Incomplete in Lenovo E95 and ThinkCentre M710s/M710t - Lenovo Support US

No description provided...

AI score 7.7
Exploits: 0
RubySec
added 2017/10/24 12:0 a.m. | 24 views

Incorrect handling of initialization vector in the GCM mode in OpenSSL

The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism...

CVSS 7.5 | AI score 4.3 | EPSS 0.03167
Exploits: 1 | References: 1 | Affected Software: 1
Mageia
added 2017/10/13 7:33 p.m. | 31 views

Updated weechat packages fix security vulnerability

It was discovered that logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized (CVE-2017-14727)...

CVSS 7.5 | AI score 4.6 | EPSS 0.02836
Exploits: 0 | References: 4
Prion
added 2017/10/12 8:29 a.m. | 26 views

Null pointer dereference

SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized...

CVSS 5 | AI score 7.4 | EPSS 0.02902
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2017/10/12 8:29 a.m. | 27 views

CVE-2017-15286

SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized...

CVSS 7.5 | AI score 6.6
Exploits: 0 | References: 2
AlpineLinux
added 2017/10/12 8:0 a.m. | 44 views

CVE-2017-15286

SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized...

CVSS 7.5 | AI score 7.5 | EPSS 0.02902
Exploits: 1
CNVD
added 2017/10/11 12:0 a.m. | 4 views

Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2017-30355)

Microsoft Windows Server 2016 and others are operating systems released by Microsoft USA. Kernel is the kernel component of these systems. An information disclosure vulnerability exists in the kernel in Microsoft Windows, which stems from a program's failure to properly initialize objects in memory. An attacker can...

CVSS 4.7 | AI score 6.2 | EPSS 0.02091
Exploits: 1 | References: 1
NVD
added 2017/10/10 8:29 p.m. | 14 views

CVE-2017-11051

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, information disclosure is possible in function wlan_hdd_cfg80211_testmode since buffer hb_params is not initialized to zero...

CVSS 7.5 | AI score 7.1 | EPSS 0.00514
Exploits: 0 | References: 2
Microsoft CVE
added 2017/10/10 7:0 a.m. | 40 views

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...

CVSS 4.7 | AI score 3.1 | EPSS 0.02091
Exploits: 1
Zero Day Initiative
added 2017/10/06 12:0 a.m. | 25 views

(0Day) Microsoft Windows WAV File Uninitialized Pointer Denial of Service Vulnerability

This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

CVSS 5 | AI score 6.1
Exploits: 0
Prion
added 2017/09/30 1:29 a.m. | 26 views

XXE

Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to...

CVSS 6.8 | AI score 8 | EPSS 0.04797
Exploits: 0 | References: 6 | Affected Software: 1
CNVD
added 2017/09/29 12:0 a.m. | 2 views

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2017-32532)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in WebExtensions in versions of Mozilla Firefox prior to Mozilla Firefox 56, which stems from the implementation of AES-GCM in the WebCrypto API accepting an IV...

CVSS 5.3 | AI score 6.9 | EPSS 0.01415
Exploits: 0 | References: 1
Broadcom
added 2017/09/29 12:0 a.m. | 8 views

BSA-2017-444

Security Advisory ID: BSA-2017-444. Component: DENX Das U-Boot. Revision: 3.0: Final. Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper...

CVSS 4.6 | AI score 6.6 | EPSS 0.00309
Exploits: 0
CNVD
added 2017/09/26 12:0 a.m. | 2 views

File Upload Vulnerability in BEESCMS

BEESCMS is an enterprise website management system based on a PHP+MySQL architecture. A file upload vulnerability exists in the variable override script in the /includes/init.php file of BEESCMS V4.0R20160525. An attacker can use the vulnerability to upload arbitrary files, so as to obtain the front-end...

AI score 7.1
Exploits: 0
CNVD
added 2017/09/25 12:0 a.m. | 3 views

NVIDIA GPU Display Driver Denial of Service Vulnerability (CNVD-2017-30719)

NVIDIA GPU Display Driver is a graphics processor (GPU) graphics card driver from NVIDIA. The kernel mode layer handler is one of its kernel-mode components. A security vulnerability exists in the kernel mode layer handler in the NVIDIA GPU Display Driver, which is caused by the program failing to...

CVSS 5.5 | AI score 5.4 | EPSS 0.00359
Exploits: 0 | References: 1
UbuntuCve
added 2017/09/23 8:29 p.m. | 33 views

CVE-2017-14727

logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized...

CVSS 7.5 | AI score 7.2 | EPSS 0.02836
Exploits: 0 | References: 5
NVD
added 2017/09/23 8:29 p.m. | 19 views

CVE-2017-14727

logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized...

CVSS 7.5 | AI score 7.7 | EPSS 0.02836
Exploits: 0 | References: 4
Prion
added 2017/09/23 8:29 p.m. | 19 views

Buffer overflow

logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized...

CVSS 5 | AI score 7.5 | EPSS 0.02836
Exploits: 0 | References: 4
Cvelist
added 2017/09/23 8:0 p.m. | 19 views

CVE-2017-14727

logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized...

AI score 7.6 | EPSS 0.02836
Exploits: 0 | References: 4