Lucene search
K

98 matches found

OSV
OSV
added 2021/05/21 12:15 p.m.3 views

CVE-2020-27208

The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface...

6.8CVSS5.4AI score0.00328EPSS
Exploits1References6
CNNVD
CNNVD
added 2021/04/26 12:0 a.m.2 views

Apple iTunes 安全漏洞

Apple iTunes is a suite of media player applications from Apple Inc. that are used to play and manage digital music and video files. A security vulnerability exists in versions of iTunes prior to 12.11.3, which arises from incorrect initialization within the CFNetwork component when processing...

6.5CVSS6.4AI score0.01224EPSS
Exploits0References14
CNNVD
CNNVD
added 2021/04/21 12:0 a.m.3 views

Corel Parallels Desktop 缓冲区错误漏洞

Parallels Desktop is a virtual machine software that runs on Mac computers. A security vulnerability exists in the Toolgate component in Parallels Desktop version 15.1.4-47270. The vulnerability stems from failure to properly initialize memory before accessing it. A local attacker could exploit t...

6.5CVSS5.6AI score0.0043EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2021/04/13 12:0 a.m.6 views

The vulnerability of the initialization procedure for Cisco IOS XE microprogrammed software on Cisco 1100 Series routers allows a hacker to execute arbitrary code.

The vulnerability of the initialization procedure for Cisco IOS XE microprogrammed software on Cisco 1100 Series routers exists because measures to neutralize special elements used in the operating system commands have not been taken. Exploiting this vulnerability can allow an attacker to execute...

6.8CVSS7.2AI score0.00308EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/03/26 9:15 p.m.18 views

Design/Logic Flaw

In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the doff field of the dirent structures returned by VOPREADDIR. In particular, tmpfs5, smbfs5, autofs5...

5CVSS5.1AI score0.02315EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2021/03/26 5:15 p.m.27 views

Race condition

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process...

4.4CVSS5.1AI score0.00225EPSS
Exploits0References3Affected Software2
CNVD
CNVD
added 2021/03/25 12:0 a.m.8 views

Cisco IOS XE Arbitrary Code Execution Vulnerability (CNVD-2021-22188)

Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. An arbitrary code execution vulnerability exists in the hardware initialization routines of Cisco IOS XE. The vulnerability stems from incorrect validation of parameters passed to...

7.2CVSS7.4AI score0.00308EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/03/02 7:23 p.m.3 views

grub2: Out-of-bounds write in grub_usb_device_initialize()

A flaw was found in grub2. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the...

7.6CVSS6.2AI score0.00794EPSS
Exploits0References4
Veracode
Veracode
added 2020/04/10 1:0 a.m.44 views

Information Disclosure

kernel is vulnerable to information disclosure. A missing initialization flaw in the XFS file system implementation could lead to an information leak...

2.1CVSS1.6AI score0.00399EPSS
Exploits1References13Affected Software2
Veracode
Veracode
added 2020/04/10 12:55 a.m.43 views

Information Disclosure

kernel is vulnerable to information disclosure. Missing initialization flaws in the Linux kernel could lead to information leaks...

2.1CVSS1.2AI score0.0042EPSS
Exploits1References33Affected Software2
OSV
OSV
added 2020/03/20 7:15 p.m.2 views

CVE-2020-8882

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8CVSS6.2AI score0.11057EPSS
Exploits0References2
CNVD
CNVD
added 2020/02/14 12:0 a.m.2 views

Intel SGX SDK Elevation of Privilege Vulnerability

Intel SGX SDK is a set of software development kits based on SGX Intel Software Security Extensions technology from the U.S. company Intel Intel. A security vulnerability exists in versions of Intel SGX SDK prior to v2.6.100.1, which originates from an incorrect initialization of the program. A...

7.8CVSS8.7AI score0.00406EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/11/05 8:56 p.m.5 views

kernel: null pointer dereference in drivers/net/ethernet/intel/fm10k/fm10k_main.c

A flaw was found in the way the fm10k driver in the Linux kernel reacted to memory-related errors during driver initialization. This flaw allows a local attacker to cause a denial of service and crash the system...

5.5CVSS7.1AI score0.00524EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2019/07/26 12:0 a.m.28 views

Foxit PhantomPDF < 8.3.11 Multiple Vulnerabilities

According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 8.3.11. It is, therefore affected by multiple vulnerabilities: - An uninitialized pointer flaw exists when calling xfa.event.rest XFA JavaScript that can cause the...

7.8CVSS7.6AI score0.07711EPSS
Exploits0References23
CNVD
CNVD
added 2019/03/28 12:0 a.m.3 views

Cisco IOS and IOS XE HSRP Information Disclosure Vulnerability

Cisco IOS and IOS XE are a set of operating systems developed by Cisco for its network devices. A security vulnerability exists in the Hot Standby Router Protocol subsystem in Cisco IOS and IOS XE, which arises from a program's failure to adequately initialize memory. An attacker could exploit th...

4.3CVSS6.6AI score0.00631EPSS
Exploits0References1
Prion
Prion
added 2018/05/17 3:29 p.m.19 views

Design/Logic Flaw

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

4.3CVSS6.8AI score0.64074EPSS
Exploits10References4Affected Software2
OSV
OSV
added 2018/05/02 9:29 p.m.2 views

UBUNTU-CVE-2018-10115

Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service segmentation fault or execute arbitrary code via a crafted RAR archive...

7.8CVSS7.5AI score0.04726EPSS
Exploits1References4
CNVD
CNVD
added 2017/09/25 12:0 a.m.11 views

NVIDIA GPU Display Driver Denial of Service Vulnerability (CNVD-2017-30719)

NVIDIA GPU Display Driver is a graphics processor GPU graphics card driver from NVIDIA. kernel mode layer handler is one of the kernel mode layer handler. A security vulnerability exists in the kernel mode layer handler in the NVIDIA GPU Display Driver, which is caused by the program failing to...

5.5CVSS5.4AI score0.00359EPSS
Exploits0References1
CNVD
CNVD
added 2017/09/13 12:0 a.m.5 views

Microsoft Windows kernel information disclosure vulnerability (CNVD-2017-32963)

Microsoft Windows Server 2008 SP2 is a series of operating systems released by Microsoft. kernel component is one of the kernel components. An information disclosure vulnerability exists in the kernel component of Microsoft Windows, which arises from a program's failure to properly initialize...

4.7CVSS6AI score0.03677EPSS
Exploits2References1
OSV
OSV
added 2017/06/15 1:29 a.m.2 views

CVE-2017-8477

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly...

5CVSS5.8AI score0.0511EPSS
Exploits2References4
Rows per page
Query Builder