153 matches found
DEBIAN-CVE-2020-24586
The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that received fragments be cleared from memory after reconnecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using...
chromium-browser: Uninitialized Use in V8
The Mozilla Foundation Security Advisory describes this flaw as: When a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read...
SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2020:2143-1)
This update for java-11-openjdk fixes the following issues : Update to upstream tag jdk-11.0.8+10 July 2020 CPU, bsc1174157 - Security fixes : + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming +...
Unspecified Vulnerability in Mattermost Mobile Apps (CNVD-2020-35186)
Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. A security vulnerability exists in Mattermost Mobile Apps prior to version 1.26.0, which can be exploited by an attacker to obtain sensitive information due to the program's failure to clear cookie data after a user log...
UBUNTU-CVE-2019-20637
An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the...
Vulnerability in packaging (CVE-2019-10128)
EnterpriseDB Windows installer does not clear permissive ACL entries Due to both the EnterpriseDB and BigSQL Windows installers not locking down the permissions of the PostgreSQL binary installation directory and the data directory, an unprivileged Windows user account and an unprivileged...
CVE-2018-6053
Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page...
CVE-2017-18314
In Snapdragon Automobile, Mobile, Wear in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660,...
Arris Touchstone Telephony Gateway TG1682G Privileged Access Vulnerability
The Arris Touchstone Telephony Gateway TG1682G is an all-in-one Modem modem router from the Arris Group of Companies. A security vulnerability exists in the Arris Touchstone Telephony Gateway TG1682G version 9.1.103J6, which stems from a logout operation that fails to immediately clear all state ...
Google Android has an unspecified vulnerability (CNVD-2018-10121)
Android is a Linux-based open-source operating system jointly developed by Google and the Open Handheld Alliance OHA, and Qualcomm FSM9055 and other central processing unit CPU products from Qualcomm for different platforms. A security vulnerability exists in the Qualcomm closed-source component ...
USN-3422-1 linux vulnerabilities
It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service system crash. CVE-2017-1000251 It was discovered that the asynchronous I/O aio...
CVE-2016-2976
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936...
CVE-2016-2976
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936...
Linux Kernel 'drivers/acpi/acpica/psobject.c' Local Information Disclosure Vulnerability
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A local information disclosure vulnerability exists in the 'acpipscompletefinalop' function in the drivers/acpi/acpica/psobject.c file in Linux kernel 4.12.9 and earlier, whic...
kernel: S_ISGD is not cleared when setting posix ACLs in tmpfs (CVE-2016-7097 incomplete fix)
A vulnerability was found in the Linux kernel in 'tmpfs' file system. When file permissions are modified via 'chmod' and the user is not in the owning group or capable of CAPFSETID, the setgid bit is cleared in inodechangeok. Setting a POSIX ACL via 'setxattr' sets the file permissions as well as...
Samsung Smartcam Remote Command Execution Vulnerability
Samsung Smartcam is Samsung's smart webcam. A remote command execution vulnerability exists in Samsung Smartcam. Due to improperly cleared iWatch firmware upgrade filename, a remote attacker can exploit the vulnerability to remotely execute commands by constructing a special request to inject...
OsiriX DICOM Viewer 8.0.1 (dulparse.cc) Remote Memory Corruption
!/usr/bin/env python -- coding: utf8 -- OsiriX DICOM Viewer 8.0.1 dulparse.cc Remote Memory Corruption Vulnerability Vendor: Pixmeo Sarl Product web page: http://www.osirix-viewer.com Affected version: OsiriX 8.0.1 Summary: With high performance and an intuitive interactive user interface, OsiriX...
OsiriX DICOM Viewer 8.0.1 (dulparse.cc) Remote Memory Corruption Vulnerability
Summary With high performance and an intuitive interactive user interface, OsiriX MD is the most widely used DICOM viewer in the world. It is the result of more than 10 years of research and development in digital imaging. It fully supports the DICOM standard for an easy integration in your...
OsiriX DICOM Viewer 8.0.1 - Memory Corruption
OsiriX DICOM Viewer 8.0.1 - Memory Corruption !/usr/bin/env python -- coding: utf8 -- OsiriX DICOM Viewer 8.0.1 dulparse.cc Remote Memory Corruption Vulnerability Vendor: Pixmeo Sarl Product web page: http://www.osirix-viewer.com Affected version: OsiriX 8.0.1 Summary: With high performance and a...
Microsoft Windows Privilege Elevation Vulnerability (CNVD-2016-01581)
Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows, which arises from a program's failure to properly clear handles in memory. An attacker could exploit the vulnerability to run arbitra...