8711 matches found

OSV
added 2019/05/15 11:29 p.m. | 2 views

UBUNTU-CVE-2019-12098

In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c...

7.4 CVSS | 7.1 AI score | 0.02118 EPSS
Exploits: 0 | References: 6

Vulnrichment
added 2019/05/15 10:41 p.m. | 1 view

CVE-2019-12098

In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c...

5.8 AI score | 0.02118 EPSS
Exploits: 0 | References: 11

OpenVAS
added 2019/05/07 12:0 a.m. | 72 views

Fedora Update for pacemaker FEDORA-2019-b502250ba4

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.7 AI score
Exploits: 0 | References: 2

Prion
added 2019/05/06 8:29 p.m. | 11 views

Design/Logic Flaw

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded initialization vector. Extraction of the initialization vector is necessary for deciphering communications between this application and the backend server. This, in...

5.8 CVSS | 7.2 AI score | 0.00341 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2019/05/06 8:29 p.m. | 1 view

CVE-2018-18979

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded initialization vector. Extraction of the initialization vector is necessary for deciphering communications between this application and the backend server. This, in...

7.4 CVSS | 5.8 AI score | 0.00341 EPSS
Exploits: 1 | References: 1

Cvelist
added 2019/05/06 7:19 p.m. | 11 views

CVE-2018-18979

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded initialization vector. Extraction of the initialization vector is necessary for deciphering communications between this application and the backend server. This, in...

7.3 AI score | 0.00341 EPSS
Exploits: 1 | References: 1

CVE
added 2019/05/06 7:19 p.m. | 54 views

CVE-2018-18979

The CVE-2018-18979 entry documents a vulnerability in the Ascensia Contour NEXT ONE Android app (pre-2019-01-15) caused by a statically coded initialization vector in the app’s crypto. This enables extraction of the IV to decipher communications with the backend server. When combined with another...

7.4 CVSS | 7.2 AI score | 0.00341 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Fedora
added 2019/05/05 2:44 a.m. | 31 views

[SECURITY] Fedora 29 Update: pacemaker-2.0.0-5.fc29

Pacemaker is an advanced, scalable High-Availability cluster resource manager. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when related resources fail and can be...

8.8 CVSS | 0.7 AI score | 0.00143 EPSS
Exploits: 0

CNVD
added 2019/05/05 12:0 a.m. | 0 views

CenturyStar WebViewer.ocx Control Da*** and Other Initialization Parameters Global Variable Overflow Vulnerability

Century Star Configuration Software is an obstruction software launched by Beijing Century Changqiu Technology Co., Ltd. It is a real-time human-machine interface utility program generator, which consists of CSMaker development system and CSViewer operation system. An overflow vulnerability exist...

7.4 AI score
Exploits: 0

CNVD
added 2019/05/05 12:0 a.m. | 1 view

Stack Overflow Vulnerability in CenturyStar WebViewer.ocx Control Fl*** Initialization Parameters

Century Star Configuration Software is an obstruction software launched by Beijing Century Changqiu Technology Co., Ltd. It is a real-time human-machine interface utility program generator, which consists of CSMaker development system and CSViewer operation system. A stack overflow vulnerability...

7.3 AI score
Exploits: 0

Veracode
added 2019/05/02 6:36 a.m. | 35 views

Denial Of Service (DoS)

Apache httpd is vulnerable to denial of service attacks. The mod_auth_digest component does not properly initialize memory used to process 'Digest' type HTTP Authorization headers, allowing a remote attacker to send a specially crafted request to view potentially sensitive information from the...

9.1 CVSS | 8.8 AI score | 0.49498 EPSS
Exploits: 0 | References: 72 | Affected Software: 8

Veracode
added 2019/05/02 4:54 a.m. | 16 views

Information Disclosure

kernel-rt is vulnerable to information disclosure. The vulnerability exists as the rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c does not initialize a certain length variable...

4.9 CVSS | 5.2 AI score | 0.00103 EPSS
Exploits: 0 | References: 19 | Affected Software: 1

Veracode
added 2019/05/02 4:54 a.m. | 23 views

Information Disclosure

kernel-rt is vulnerable to information disclosure. The vulnerability exists as the bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c does not initialize a certain length variable...

4.9 CVSS | 5.2 AI score | 0.00106 EPSS
Exploits: 0 | References: 20 | Affected Software: 1

Veracode
added 2019/05/02 4:54 a.m. | 24 views

Information Disclosure

kernel-rt is vulnerable to information disclosure. The vulnerability exists because net/dcb/dcbnl.c does not initialize certain structures...

1.9 CVSS | 5.2 AI score | 0.00041 EPSS
Exploits: 0 | References: 23 | Affected Software: 1

UbuntuCve
added 2019/04/17 3:29 p.m. | 19 views

CVE-2019-0228

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF...

9.8 CVSS | 6.8 AI score | 0.13027 EPSS
Exploits: 0 | References: 3

Zero Day Initiative
added 2019/04/15 12:0 a.m. | 22 views

Microsoft Windows EMF File Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling o...

7.8 CVSS | 3.8 AI score | 0.24652 EPSS
Exploits: 0 | References: 1

Zero Day Initiative
added 2019/04/15 12:0 a.m. | 31 views

Microsoft Windows EMF File Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling o...

7.8 CVSS | 3.8 AI score | 0.24652 EPSS
Exploits: 0 | References: 1

RedHat Linux
added 2019/04/09 1:46 p.m. | 2 views

kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members

A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group an...

7.8 CVSS | 6.7 AI score | 0.00152 EPSS
Exploits: 2 | References: 4

OSV
added 2019/04/09 3:29 a.m. | 1 view

CVE-2019-0782

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0775...

5.5 CVSS | 6.3 AI score | 0.00757 EPSS
Exploits: 0 | References: 1

Prion
added 2019/04/09 2:29 a.m. | 23 views

Information disclosure

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from...

2.1 CVSS | 4.4 AI score | 0.00757 EPSS
Exploits: 0 | References: 1 | Affected Software: 5