K70938105: Expat XML library vulnerability CVE-2016-5300

Security Advisory Description The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete...

K44691188: Intel TXE / SPS vulnerabilities CVE-2020-0566, CVE-2020-0586

Security Advisory Description CVE-2020-0566 Improper Access Control in subsystem for IntelR TXE versions before 3.175 and 4.0.25 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVE-2020-0586 Improper initialization in subsystem for IntelR SPS...

K72225092: Linux kernel vulnerability CVE-2015-8746

Security Advisory Description fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service NULL pointer dereference and panic via crafted network traffic...

K37510383: Linux kernel SCTP vulnerability CVE-2015-5283

Security Advisory Description The sctpinit function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service panic or memory corruption by creating SCTP sockets before all of the steps...

The vulnerability in the implementation of the SNP_INIT command during the loading of microprogramming software for AMD processors allows a attacker to influence the integrity of the protected information.

The vulnerability of the SNPINIT implementation in the loading of microprogramming software for AMD processors is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to influence the integrity of the protected information...

GHSA-R2H5-3HGW-8J34 User data in TPM attestation vulnerable to MITM

Impact Attestation user data such as the digest of the public key in an aTLS connection was bound to the issuer's TPM, but not to its PCR state. An attacker could intercept a node initialization, initialize the node themselves, and then impersonate an uninitialized node to the validator. In...

User data in TPM attestation vulnerable to MITM

Impact Attestation user data such as the digest of the public key in an aTLS connection was bound to the issuer's TPM, but not to its PCR state. An attacker could intercept a node initialization, initialize the node themselves, and then impersonate an uninitialized node to the validator. In...

CVE-2022-34153

Improper initialization in the IntelR Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2022-34153

Improper initialization in the IntelR Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

Input validation

Improper initialization in the IntelR TXT SINIT ACM for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access...

Input validation

Improper initialization in the IntelR Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2022-30704

The CVE-2022-30704 issue relates to improper initialization in the Intel TXT SINIT ACM for certain Intel processors. The underlying effect is a potential privilege escalation via local access by a privileged user. Documents specify the affected component as the Intel TXT SINIT ACM within BIOS/fir...

SUSE-SU-2023:0435-1 Security update for java-17-openjdk

This update for java-17-openjdk fixes the following issues: Updated to version jdk-17.0.6.0+10: - CVE-2023-21835: Fixed handshake DoS attack against DTLS connections bsc1207246. - CVE-2023-21843: Fixed soundbank URL remote loading bsc1207248. Bugfixes: - Avoid calling CGetInfo too early, before...

SUSE CVE-2022-46397

FP.io VPP Vector Packet Processor 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode...

PT-2023-13017 · Intel · Intel Txt Sinit Acm

Name of the Vulnerable Software and Affected Versions: IntelR TXT SINIT ACM for some IntelR Processors affected versions not specified Description: The issue is related to improper initialization in the IntelR TXT SINIT ACM for some IntelR Processors. This may allow a privileged user to potential...

Intel Processors 安全漏洞

Intel Processors are U.S.-based companies of Intel Corporation that provide for the interpretation of computer instructions and the processing of data in computer software. A security vulnerability exists in Intel Processors that originates from an incorrect initialization in the IntelR TXT SINIT...

Intel Processors 安全漏洞

Intel Processors are U.S.-based Intel Corporation's offerings for interpreting computer instructions and processing data in computer software. A security vulnerability exists in the IntelR Processors BIOS firmware that originates from an incorrect initialization in the firmware and could allow a...

SUSE CVE-2004-1392

PHP 4.0 with cURL functions allows remote attackers to bypass the openbasedir setting and read arbitrary files via a file: URL argument to the curlinit function...

SUSE CVE-2006-4514

Heap-based buffer overflow in the oleinforeadmetabat function in Gnome Structured File library libgsf 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large nummetabat value in an OLE document, which causes the oleinitinfo function to...

SUSE CVE-2006-5749

The isdnpppccpresetallocstate function in drivers/isdn/isdnppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the inittimer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash...