CVE-2014-4419

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371,...

CVE-2014-4420

The CVE-2014-4420 entry describes a kernel memory initialization flaw in the network-statistics interface of Apple iOS (pre-8) and Apple TV (pre-7). A crafted application could leak memory contents and layout information from the kernel, similarly to other CVEs in the bundle. The root cause is me...

CVE-2014-4419

CVE-2014-4419: Kernel memory disclosure via uninitialized memory in the Apple OS X/iOS network statistics interface (kernel). The issue allows a crafted application to obtain sensitive memory content and memory-layout information. Affected platform references in the public data point to OS X kern...

Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-4084)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

CVE-2014-1564

Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated...

CVE-2014-1564

Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated...

Mozilla Thunderbird < 31.1

The version of Thunderbird installed on the remote Windows host is prior to 31.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2014-69 advisory. - Apparent info leak caused by uninitialized memory with malformed GIFsCVE-2014-1564 CVE-2014-1564 Note that Nessus has not...

Firefox ESR 31.x < 31.1 Multiple Vulnerabilities (Mac OS X)

The version of Firefox ESR 31.x installed on the remote Mac OS X host is prior to 31.1. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary...

CVE-2014-1564

Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated...

Microsoft Internet Explorer Memory Corruption (MS14-051: CVE-2014-2824)

A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open a...

Microsoft Internet Explorer Memory Corruption (MS14-051: CVE-2014-4063)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

DEBIAN-CVE-2014-5163

The APN decode functionality in 1 epan/dissectors/packet-gtp.c and 2 epan/dissectors/packet-gsmagm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service application...

CVE-2014-5163

The APN decode functionality in 1 epan/dissectors/packet-gtp.c and 2 epan/dissectors/packet-gsmagm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service application...

CVE-2014-5163

The APN decode functionality in 1 epan/dissectors/packet-gtp.c and 2 epan/dissectors/packet-gsmagm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service application...

KLA10400 DoS vulnerabilities in Wireshark

Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities 1. Improper handling of n and r symbols can be exploited remotely via a specially designed packet; 2. Improper...

UBUNTU-CVE-2014-5077

The sctpassocupdate function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service NULL pointer dereference and OOPS by starting to establish an association between two endpoints immediately after an...

Patch Management: Dell KACE K1000 Computer Info Initialization

Binary data dellkacek1000getcomputerinfo.nbin...

VulnCheck KEV: CVE-2019-25141

The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admininit function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to...

mcollective -- cert valication issue

Melissa Stone reports: The MCollective aessecurity public key plugin does not correctly validate certs against the CA. By exploiting this vulnerability within a race/initialization window, an attacker with local access could initiate an unauthorized MCollective client connection with a server, an...

Design/Logic Flaw

The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service initialization failure and exit...