Lucene search
+L

1549 matches found

OSV
OSV
added 2014/11/23 2:59 a.m.5 views

UBUNTU-CVE-2014-8712

The buildexpertdata function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service application crash via a crafted packet...

5CVSS6.4AI score0.03101EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2014/11/17 6:11 p.m.8 views

bash: off-by-one error in deeply nested flow control constructs

An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash...

10CVSS6.9AI score0.58462EPSS
Exploits12References4
OSV
OSV
added 2014/11/14 3:59 p.m.5 views

DEBIAN-CVE-2014-8567

The modauthmellon module before 0.8.1 allows remote attackers to cause a denial of service Apache HTTP server crash via a crafted logout request that triggers a read of uninitialized data...

9.4CVSS6.7AI score0.03588EPSS
Exploits0References1
OSV
OSV
added 2014/11/14 3:59 p.m.6 views

CVE-2014-8567

The modauthmellon module before 0.8.1 allows remote attackers to cause a denial of service Apache HTTP server crash via a crafted logout request that triggers a read of uninitialized data...

6.2AI score
Exploits0References8
Prion
Prion
added 2014/11/14 3:59 p.m.21 views

Design/Logic Flaw

The modauthmellon module before 0.8.1 allows remote attackers to cause a denial of service Apache HTTP server crash via a crafted logout request that triggers a read of uninitialized data...

9.4CVSS6.8AI score0.03588EPSS
Exploits0References6Affected Software7
UbuntuCve
UbuntuCve
added 2014/11/14 3:59 p.m.33 views

CVE-2014-8567

The modauthmellon module before 0.8.1 allows remote attackers to cause a denial of service Apache HTTP server crash via a crafted logout request that triggers a read of uninitialized data...

9.4CVSS5.9AI score0.03588EPSS
Exploits0References2
Cvelist
Cvelist
added 2014/11/14 3:0 p.m.30 views

CVE-2014-8567

The modauthmellon module before 0.8.1 allows remote attackers to cause a denial of service Apache HTTP server crash via a crafted logout request that triggers a read of uninitialized data...

6.2AI score0.03588EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2014/11/06 12:0 a.m.27 views

RedHat Update for mod_auth_mellon RHSA-2014:1803-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.4CVSS6.5AI score0.03588EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/11/06 12:0 a.m.37 views

RHEL 6 : mod_auth_mellon (RHSA-2014:1803)

An updated modauthmellon package that fixes two security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

9.4CVSS5.4AI score0.03588EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2014/11/05 9:51 a.m.29 views

Important: Red Hat Security Advisory: mod_auth_mellon security update

An updated modauthmellon package that fixes two security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

9.4CVSS5.8AI score0.03588EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2014/11/05 9:51 a.m.5 views

mod_auth_mellon: logout processing leads to denial of service

It was found that uninitialized data could be accessed when processing a user's logout request. By attempting to log out, a user could possibly cause the Apache HTTP Server to crash...

9.4CVSS5.7AI score0.03588EPSS
Exploits0References4
Prion
Prion
added 2014/07/15 2:55 p.m.14 views

Privilege escalation

FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a 1 SCTPSNDRCV, 2 SCTPEXTRCV, or 3 SCTPRCVINFO SCTP cmsg or a 4 SCTPPEERADDRCHANGE, 5...

4.9CVSS6AI score0.0035EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2014/06/23 11:21 a.m.1 views

DEBIAN-CVE-2014-1739

The mediadeviceenumentities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIAIOCENUMENTITIES ioctl...

2.1CVSS7.9AI score0.01121EPSS
Exploits2References1
RedHat Linux
RedHat Linux
added 2014/03/31 4:36 p.m.6 views

wireshark: SIP dissector crash (wnpa-sec-2013-63)

The dissectsipcommon function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which allows remote attackers to cause a denial of service application crash via a crafted packet...

4.3CVSS5.9AI score0.01673EPSS
Exploits0References5
OSV
OSV
added 2014/01/18 12:0 a.m.5 views

UBUNTU-CVE-2014-1444

The fstgetiface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAPNETADMIN capability for an SIOCWANDEV ioctl call...

1.7CVSS6.7AI score0.00338EPSS
Exploits1References12
OSV
OSV
added 2014/01/18 12:0 a.m.4 views

UBUNTU-CVE-2014-1445

The wanxlioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call...

2.1CVSS6.7AI score0.00414EPSS
Exploits1References12
OSV
OSV
added 2014/01/08 12:0 a.m.3 views

UBUNTU-CVE-2013-7281

The dgramrecvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a 1 recvfrom, 2...

4.9CVSS6.6AI score0.0048EPSS
Exploits0References18
OSV
OSV
added 2014/01/06 12:0 a.m.5 views

UBUNTU-CVE-2013-7270

The packetrecvmsg function in net/packet/afpacket.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a 1 recvfrom, 2 recvmmsg, or...

4.9CVSS6.6AI score0.0048EPSS
Exploits0References18
RedHat Linux
RedHat Linux
added 2013/12/12 7:13 p.m.6 views

Kernel: signal: information leak in tkill/tgkill

The dotkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a 1 tkill or 2 tgkill system call...

2.1CVSS7.1AI score0.00593EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/12/12 6:56 p.m.7 views

nss: Avoid uninitialized data read in the event of a decryption failure

Mozilla Network Security Services NSS before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure...

5CVSS6.8AI score0.03406EPSS
Exploits0References4
Rows per page
Query Builder