CVE-2014-5386

The mcryptcreateiv function in hphp/runtime/ext/mcrypt/extmcrypt.cpp in Facebook HipHop Virtual Machine HHVM before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single...

齐博地方门户系统sql注入

简要描述： 变量未初始化导致注入 详细说明： 齐博地方门户系统 齐博的全局过滤系统中由于存在如下代码，导致传入的参数可以成为全局变量 foreach$COOKIE AS $key=$value unset$$key; foreach$POST AS $key=$value !ereg"^\A-Z+",$key && $$key=$POST$key; foreach$GET AS $key=$value !ereg"^\A-Z+",$key && $$key=$GET$key; 所以系统中如果存在未初始化的变量，容易导致注入 2shou/post.php中 180行...

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1638-1)

This openjdk update fixes the following security and non security issues : - Upgrade to 2.4.8 bnc887530 - Changed back from gzipped tarball to xz - Changed the keyring file to add Andrew John Hughes that signed the icedtea package - Change ZERO to AARCH64 tarball - Removed patches : -...

Unbreakable Enterprise kernel security update

kernel-uek 3.8.13-55 - freezer: set PFSUSPENDTASK flag on tasks that call freezeprocesses Colin Cross Orabug: 20082843 3.8.13-54 - netfilter: nfnat: fix oops on netns removal Florian Westphal Orabug: 19988779 - tcp: tsq: restore minimal amount of queueing Eric Dumazet Orabug: 19909542 - qedf: Fix...

Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory — Mozilla

Security researcher Kent Howard reported an Apple issue present in OS X 10.10 Yosemite where log files are created by the CoreGraphics framework of OS X in the /tmp local directory. These log files contain a record of all inputs into Mozilla programs during their operation. In versions of OS X fr...

CVE-2014-8476

The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer...

CVE-2014-8476

The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer...

CVE-2014-8476

Removed by vendor...

Kernel: net: SCTP: fix a NULL pointer dereference during INIT collisions

A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system...

SOL15730 - OpenSSH vulnerability

The mmnewkeysfromblob function in monitorwrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet dat...

CVE-2014-1580

Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element...

Information disclosure

Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element...

UBUNTU-CVE-2014-1580

Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element...

CVE-2014-7284

The netgetrandomonce implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attackers to spoof or disrupt IP communication by...

Moderate: Red Hat Security Advisory: libvirt security and bug fix update

Updated libvirt packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

CVE-2014-6428

CVE-2014-6428 affects the SES dissector in Wireshark (epan/dissectors/packet-ses.c). The flaw: dissect_spdu does not initialize a certain ID value, enabling a crafted packet to crash the application (DoS). Affected Wireshark versions: 1.10.x prior to 1.10.10 and 1.12.x prior to 1.12.1. Remediatio...

CVE-2014-4419

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371,...

CVE-2014-4421

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371,...

CVE-2014-4407

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls...

Design/Logic Flaw

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371,...