Lucene search

9040 matches found

NVD
added 2010/09/17 6:00 p.m. · 21 views

CVE-2010-3073

SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...

CVSS 2.1 · AI score 5.6 · EPSS 0.00713
Exploits 0 · References 13

OSV
added 2010/09/17 6:00 p.m. · 1 view

DEBIAN-CVE-2010-3073

SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...

CVSS 2.1 · AI score 6.1 · EPSS 0.00713
Exploits 0 · References 1

OSV
added 2010/09/17 6:00 p.m. · 2 views

DEBIAN-CVE-2010-3075

EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the las...

CVSS 5 · AI score 6.1 · EPSS 0.02063
Exploits 0 · References 1

Prion
added 2010/09/17 6:00 p.m. · 12 views

Design/Logic Flaw

SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...

CVSS 2.1 · AI score 6.1 · EPSS 0.00713
Exploits 0 · References 13 · Affected Software 1

UbuntuCve
added 2010/09/17 6:00 p.m. · 21 views

CVE-2010-3073

SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...

CVSS 2.1 · AI score 5.9 · EPSS 0.00713
Exploits 0 · References 1

OSV
added 2010/09/17 6:00 p.m. · 1 view

UBUNTU-CVE-2010-3075

EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the las...

CVSS 5 · AI score 5.8 · EPSS 0.02063
Exploits 0 · References 2

Debian CVE
added 2010/09/17 5:46 p.m. · 17 views

CVE-2010-3073

SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...

CVSS 2.1 · AI score 5.6 · EPSS 0.00713
Exploits 0

Prion
added 2010/08/24 6:00 p.m. · 25 views

Design/Logic Flaw

The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS...

CVSS 6.6 · AI score 7.4 · EPSS 0.00278
Exploits 0 · References 4 · Affected Software 2

NVD
added 2010/08/17 8:00 p.m. · 25 views

CVE-2009-3737

The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document...

CVSS 9.3 · AI score 7.2 · EPSS 0.03949
Exploits 1 · References 4

CVE
added 2010/08/17 5:31 p.m. · 48 views

CVE-2009-3737

CVE-2009-3737 concerns Oracle Siebel Option Pack for IE ActiveX control. The vulnerability stems from improper memory initialization in the NewBusObj method, enabling remote code execution via a crafted HTML document. CERT and Red Hat entries corroborate remote execution potential and provide mit...

CVSS 9.3 · AI score 7.4 · EPSS 0.03949
Exploits 1 · References 4 · Affected Software 1

Cvelist
added 2010/08/17 5:31 p.m. · 32 views

CVE-2009-3737

The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document...

AI score 7.2 · EPSS 0.03949
Exploits 1 · References 4

RedHat Linux
added 2010/08/17 3:52 p.m. · 4 views

kernel: sctp: crash due to malformed SCTPChunkInit packet

The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data...

CVSS 7.1 · AI score 5.9 · EPSS 0.21312
Exploits 7 · References 4

Prion
added 2010/08/11 6:47 p.m. · 18 views

Double free

Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."...

CVSS 7.2 · AI score 6.6 · EPSS 0.01973
Exploits 6 · References 3 · Affected Software 2

Positive Technologies
added 2010/08/11 12:00 a.m. · 5 views

PT-2010-3512 · Microsoft · Windows Vista +3

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Vista versions SP1 through SP2; Microsoft Windows Server 2008 versions Gold through SP2. Description: The issue is related to object initialization during error handling, allowing local users to gain privileges via a crafted...

CVSS 7.8 · AI score 7.3 · EPSS 0.01973
Exploits 6 · References 8

seebug.org
added 2010/08/10 12:00 a.m. · 36 views

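Oracle Siebel Option Pack for IE ActiveX control memory initialization vulnerability

CVE ID: CVE-2009-3737. Siebel Option Pack for IE is an ActiveX control provided by the Oracle Siebel CRM software. The Siebel Option Pack for IE ActiveX control does not properly initialize the memory used by the NewBusObj method; if a user is tricked into visiting a malicious web page that calls this method with specially crafted parameters, arbitrary code may be executed. Affected: Oracle Siebel Option Pack for IE 7.x. Temporary workaround: save the following text as a .REG file and import it: Windows Registry Editor Version 5.00...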

CVSS 9.3 · AI score 6.5 · EPSS 0.03949
Exploits 1

CERT
added 2010/08/05 12:00 a.m. · 24 views

Oracle Siebel Option Pack for IE ActiveX control memory initialization vulnerability

Overview: The Oracle Siebel Option Pack for IE ActiveX control fails to properly initialize memory, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: Siebel Option Pack for IE is an ActiveX control that is provided by Oracle Siebel...

CVSS 9.3 · AI score 6.9 · EPSS 0.03949
Exploits 1 · References 2

Tenable Nessus
added 2010/08/03 12:00 a.m. · 23 views

Fedora 13 : gnupg2-2.0.14-4.fc13 (2010-11413)

Fri Jul 23 2010 Rex Dieter - 2.0.14-4 - gpgsm realloc patch - Fri Jun 18 2010 Tomas Mraz - 2.0.14-3 - initialize small amount of secmem for list of algorithms in help 598847 necessary in the FIPS mode of libgcrypt Note that Tenable Network Security has extracted the preceding description block...

CVSS 8.1 · AI score 7.5 · EPSS 0.05342
Exploits 0 · References 3

Tenable Nessus
added 2010/07/30 12:00 a.m. · 11 views

MDVA-2010:017 : consolekit

An incorrect initialisation in consolekit daemon could prevent automount of removable media under GNOME or KDE environment. This package update fixes this issue; it requires restarting the system to take effect. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patc...

AI score 6.9
Exploits 0 · References 1

OSV
added 2010/07/28 12:48 p.m. · 1 view

DEBIAN-CVE-2010-0212

OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as...

CVSS 5 · AI score 6.7 · EPSS 0.06221
Exploits 1 · References 1

Tenable Nessus
added 2010/07/23 12:00 a.m. · 22 views

openSUSE Security Update : ghostscript-devel (openSUSE-SU-2010:0425-1)

Specially crafted postscript (.ps) files could cause buffer overflows in ghostscript that could potentially be exploited to execute arbitrary code (CVE-2010-1628, CVE-2010-1869, CVE-2009-4270). Ghostscript by default reads some initialization files from the current working directory. Local attackers...

CVSS 9.3 · AI score 6.2 · EPSS 0.09193
Exploits 4 · References 9