183 matches found
CVE-2022-35414
CVE-2022-35414 affects QEMU
CVE-2022-35414
softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translatefail path, leading to an ioreadx or iowritex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use ca...
CVE-2022-35414
softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translatefail path, leading to an ioreadx or iowritex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use ca...
PT-2022-3768 · Qemu +4 · Qemu +4
Name of the Vulnerable Software and Affected Versions: QEMU versions prior to 7.0.0 Description: The issue in QEMU's softmmu/physmem.c file can lead to an uninitialized read on the translate fail path, resulting in an io readx or io writex crash. A third party notes that this might not be...
GHSA-4HM9-844J-JMXP Uninitialized read in Nokogiri gem
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character...
Uninitialized read in Nokogiri gem
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character...
DEBIAN-CVE-2022-20008
In mmcblkreadsingle of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for...
CVE-2021-21966
An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-21966
The TI CC3200 SimpleLink Solution NWP 2.9.0.0 HTTP Server component exposes /ping.html to unauthenticated POST requests. A POST with parameters __SL_P_T.A/B/C can trigger an uninitialized read, causing information disclosure. TALOS-2021-1393 documents the root cause as CWE-457 (Use of Uninitializ...
CentOS 8 : php:7.2 (CESA-2020:1624)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1624 advisory. - php: Buffer over-read in PHAR reading functions CVE-2018-20783 - php: Heap buffer overflow in function exifprocessIFDTAG CVE-2019-11034 - php: Heap...
CVE-2020-6107
An exploitable information disclosure vulnerability exists in the devread functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2020-6107
An exploitable information disclosure vulnerability exists in the devread functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability...
DEBIAN-CVE-2020-6107
An exploitable information disclosure vulnerability exists in the devread functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2020-6107
An exploitable information disclosure vulnerability exists in the devread functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability...
UBUNTU-CVE-2020-6107
An exploitable information disclosure vulnerability exists in the devread functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2020-6107
CVE-2020-6107 affects F2fs-tools F2fs.Fsck 1.13. The vulnerability is in the dev_read functionality of F2fs.Fsck, where a specially crafted f2fs filesystem can trigger an uninitialized read, leading to information disclosure. Attacker-controlled input (a malicious file) is sufficient to trigger t...
CVE-2020-6107
An exploitable information disclosure vulnerability exists in the devread functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2020-6107
An exploitable information disclosure vulnerability exists in the devread functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability...
EulerOS Virtualization for ARM 64 3.0.2.0 : php (EulerOS-SA-2020-1969)
According to the versions of the php packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated we...
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1969)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...