Insecure Encryption

Overview parsel is a library that allows you to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Insecure Encryption. In cases where an initialisation vector is not supplied to the encrypt or decrypt call in parsel.rb, the initialisation vector used b...

Linux: Read Shell Initialization files (KB)

When the shell is invoked, there are certain initialization/startup files it reads which help to setup an environment for the shell itself and the system user. That is predefined and customized functions, variables, aliases and so on. C Aaron Kili, 2017. Files to consider: /etc/profile,...

CVE-2019-19411

USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gai...

CVE-2019-10561

Improper initialization of local variables which are parameters to sfs api may cause invalid pointer dereference and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...

Design/Logic Flaw

While trying to obtain datad ipc handle during DPL initialization, Heap use-after-free issue can occur if modem SSR occurs at same time in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in APQ8009,...

Input validation

Improper initialization of local variables which are parameters to sfs api may cause invalid pointer dereference and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...

CVE-2019-10561

Improper initialization of local variables which are parameters to sfs api may cause invalid pointer dereference and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...

CVE-2019-10548

While trying to obtain datad ipc handle during DPL initialization, Heap use-after-free issue can occur if modem SSR occurs at same time in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in APQ8009,...

Amazon Linux 2 : tcpdump (ALAS-2020-1385)

The version of tcpdump installed on the remote host is prior to 4.9.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1385 advisory. In tcpdump 4.9.2, a stack-based buffer over-read exists in the printprefix function of print-hncp.c via crafted packet data because...

CVE-2019-19083

A memory leak flaw was found in the Linux kernel. A system crash occurs under very specific, hard to obtain conditions, when the AMD GPU Display Engine configuration initialization handles resource cleaning when a failure occurs. The highest threat from this vulnerability is system availability...

Sandbox Restrictions Bypass

github.com/opencontainers/runc is vulnerable to sandbox restrictions bypass. An attacker who controls the container image for two containers that share a volume will be able to mount arbitrary volumes in a race condition during container initialization via a symlink that is added to the rootfs...

ALPINE-CVE-2015-8367

The phaseonecorrect function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization...

CVE-2015-8367

The phaseonecorrect function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization...

CVE-2015-8367

The phaseonecorrect function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization...

CVE-2015-8367

The phaseonecorrect function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization...

CVE-2015-8367

The phaseonecorrect function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization...

Low: tcpdump

Issue Overview: In tcpdump 4.9.2, a stack-based buffer over-read exists in the printprefix function of print-hncp.c via crafted packet data because of missing initialization. CVE-2018-19519 Affected Packages: tcpdump Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit...

CVE-2018-1118

The Linux kernel does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file...

CVE-2020-6162

An issue was discovered in Bftpd 5.3. Under certain circumstances, an out-of-bounds read is triggered due to an uninitialized value. The daemon crashes at startup in the hidegroupsinit function in dirlist.c...

CVE-2019-17021

During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. Note: this issue only occurs on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR 68.4 and Firefo...