268 matches found
CVE-2017-1000410
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. B...
CVE-2017-1000410
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. B...
The vulnerability of the Cisco IOS operating system, which arises from the lack of initialization for variables, allowing attackers to trigger a service failure.
The vulnerability of the Cisco IOS operating system is related to the absence of initialization for variables. Exploiting this vulnerability allows a malicious actor, operating remotely, to cause service failures such as waste of computing resources, resetting of watchdog timers, and system...
Cisco IOS Denial of Service Vulnerability (CNVD-2017-20387)
Cisco IOS is an operating system developed by Cisco for its network devices. A security vulnerability exists in IOS versions prior to 15.24S6, which stems from a program failure to initialize variables. A remote attacker could exploit this vulnerability to cause a denial of service CPU consumptio...
Internet Bug Bounty: use of uninitialized variables in operator.methodcaller
I described this vulnerability in detail in a mail to the PSRT. A copy of my email, plus the fix for this issue, can be found here: https://bugs.python.org/issue27783...
PT-2016-3448 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A NULL pointer dereference issue was found in the netlink dump function. This occurs when the Netlink socket receives a message of type XFRM MSG GETSA or XFRM MSG GETPOLICY with the DU...
The vulnerability of the Android operating system, which allows a perpetrator to bypass security measures or obtain confidential information
The vulnerability of the BnGraphicBufferConsumer::onTransact function libs/gui/IGraphicBufferConsumer.cpp in the mediaserver component of the Android operating system exists due to the lack of initialization for certain types of variables. Exploiting this vulnerability could allow a malicious act...
NTP logconfig configuration command denial of service vulnerability
Network Time Protocol is a protocol used to synchronize a computer's time to its server or clock source e.g., quartz clock, GPS, etc.. NTP crashes due to uninitialized variables when processing the malformed logconfig configuration command ntpd, allowing remote attackers to exploit the...
Kernel: crypto: algif - suppress sending source address information in recvmsg
The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hashrecvmsg function in crypto/algifhash.c and the...
SuSE9 Security Update : ethereal (YOU Patch Number 12708)
This ethereal update fixes the use of uninitialized variables. CVE-2011-1590 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid54993; scriptversion"1.5";...
Dozens of Bugs Found in One Version of Android Kernel
Security researchers found dozens of high risk security holes in the software used to run specific Android mobile devices, but that’s still a lot better than industry averages, according to a new report. Coverity, an application code testing firm, analyzed the source code for HTC’s Droid Incredib...
SuSE 10 Security Update : clamav (ZYPP Patch Number 4169)
This is an update to ClamAV 0.91.2 to fix various bugs like NULL pointer dereferences and uninitialized variables etc. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
waraxe-2007-SA-048.txt
waraxe-2007-SA048 - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke Author: Janek Vind "waraxe" Date: 13. April 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-48.html Target software description: VWar module for PhpNuke http://www.vwar.de/ VWar is a webbased...
Irokez Blog 0.7.1 - Multiple Remote File Inclusions
Irokez Blog 0.7.1 - Multiple Remote File Inclusions +------------------------------------------------------------------------------------------- + Irokez CMS +------------------------------------------------------------------------------------------- + Details: + Irokez CMS has several scripts...
CVE-2006-3390
WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the 1 wp-admin, 2 wp-content, and 3 wp-includes directories, possibly due to uninitialized variables...
DEBIAN-CVE-2006-3390
WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the 1 wp-admin, 2 wp-content, and 3 wp-includes directories, possibly due to uninitialized variables...
CVE-2006-3390
WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the 1 wp-admin, 2 wp-content, and 3 wp-includes directories, possibly due to uninitialized variables...
CVE-2006-3390
WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the 1 wp-admin, 2 wp-content, and 3 wp-includes directories, possibly due to uninitialized variables...
Mandrake Linux Security Advisory : netpbm (MDKSA-2005:199)
Pnmtopng in netpbm 10.2X, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap PNM images to Portable Network Graphics PNG, which might allow attackers to execute arbitrary code by modifying the stack. Netpbm 9.2X is not affected by this...
CVE-2005-3418
Multiple cross-site scripting XSS vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 errormsg parameter to usercpregister.php, 2 forwardpage parameter to login.php, and 3 listcat parameter to search.php, which are not initialized as...