98 matches found
CVE-2020-27208
The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface...
Apple iTunes 安全漏洞
Apple iTunes is a suite of media player applications from Apple Inc. that are used to play and manage digital music and video files. A security vulnerability exists in versions of iTunes prior to 12.11.3, which arises from incorrect initialization within the CFNetwork component when processing...
Corel Parallels Desktop 缓冲区错误漏洞
Parallels Desktop is a virtual machine software that runs on Mac computers. A security vulnerability exists in the Toolgate component in Parallels Desktop version 15.1.4-47270. The vulnerability stems from failure to properly initialize memory before accessing it. A local attacker could exploit t...
The vulnerability of the initialization procedure for Cisco IOS XE microprogrammed software on Cisco 1100 Series routers allows a hacker to execute arbitrary code.
The vulnerability of the initialization procedure for Cisco IOS XE microprogrammed software on Cisco 1100 Series routers exists because measures to neutralize special elements used in the operating system commands have not been taken. Exploiting this vulnerability can allow an attacker to execute...
Design/Logic Flaw
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the doff field of the dirent structures returned by VOPREADDIR. In particular, tmpfs5, smbfs5, autofs5...
Race condition
A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process...
Cisco IOS XE Arbitrary Code Execution Vulnerability (CNVD-2021-22188)
Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. An arbitrary code execution vulnerability exists in the hardware initialization routines of Cisco IOS XE. The vulnerability stems from incorrect validation of parameters passed to...
grub2: Out-of-bounds write in grub_usb_device_initialize()
A flaw was found in grub2. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the...
Information Disclosure
kernel is vulnerable to information disclosure. A missing initialization flaw in the XFS file system implementation could lead to an information leak...
Information Disclosure
kernel is vulnerable to information disclosure. Missing initialization flaws in the Linux kernel could lead to information leaks...
CVE-2020-8882
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Intel SGX SDK Elevation of Privilege Vulnerability
Intel SGX SDK is a set of software development kits based on SGX Intel Software Security Extensions technology from the U.S. company Intel Intel. A security vulnerability exists in versions of Intel SGX SDK prior to v2.6.100.1, which originates from an incorrect initialization of the program. A...
kernel: null pointer dereference in drivers/net/ethernet/intel/fm10k/fm10k_main.c
A flaw was found in the way the fm10k driver in the Linux kernel reacted to memory-related errors during driver initialization. This flaw allows a local attacker to cause a denial of service and crash the system...
Foxit PhantomPDF < 8.3.11 Multiple Vulnerabilities
According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 8.3.11. It is, therefore affected by multiple vulnerabilities: - An uninitialized pointer flaw exists when calling xfa.event.rest XFA JavaScript that can cause the...
Cisco IOS and IOS XE HSRP Information Disclosure Vulnerability
Cisco IOS and IOS XE are a set of operating systems developed by Cisco for its network devices. A security vulnerability exists in the Hot Standby Router Protocol subsystem in Cisco IOS and IOS XE, which arises from a program's failure to adequately initialize memory. An attacker could exploit th...
Design/Logic Flaw
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
UBUNTU-CVE-2018-10115
Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service segmentation fault or execute arbitrary code via a crafted RAR archive...
NVIDIA GPU Display Driver Denial of Service Vulnerability (CNVD-2017-30719)
NVIDIA GPU Display Driver is a graphics processor GPU graphics card driver from NVIDIA. kernel mode layer handler is one of the kernel mode layer handler. A security vulnerability exists in the kernel mode layer handler in the NVIDIA GPU Display Driver, which is caused by the program failing to...
Microsoft Windows kernel information disclosure vulnerability (CNVD-2017-32963)
Microsoft Windows Server 2008 SP2 is a series of operating systems released by Microsoft. kernel component is one of the kernel components. An information disclosure vulnerability exists in the kernel component of Microsoft Windows, which arises from a program's failure to properly initialize...
CVE-2017-8477
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly...