CVE-2006-0379

The CVE-2006-0379 issue affects FreeBSD 5.4-STABLE and 6.0, where a kernel-stack buffer is not fully initialized before being copied to userland, allowing local disclosure of kernel memory. The impact includes exposure of memory contents such as file-cache or terminal buffers, potentially aiding ...

Apple SA 2003-12-19

The remote host is missing Security Update 2003-12-19. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Movable Type Initialization Script Disclosure Vulnerability - Active Check

mt-load.cgi is installed by the Movable Type Publishing Platform. SPDX-FileCopyrightText: 2004 Rich Walchuck Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2005-3418

Multiple cross-site scripting XSS vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 errormsg parameter to usercpregister.php, 2 forwardpage parameter to login.php, and 3 listcat parameter to search.php, which are not initialized as...

GLSA-200505-15 : gdb: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200505-15 gdb: Multiple vulnerabilities Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely...

CVE-2005-0400

The ext2makeempty function call in the Linux kernel before 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block...

CVE-2005-0400

The ext2makeempty function call in the Linux kernel before 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block...

CVE-2005-1036

The CVE-2005-1036 issue affects FreeBSD/amd64 5.x up to 5.4 where the IO permission bitmap was not properly initialized, allowing unprivileged local users to bypass access restrictions and potentially cause denial of service, disclosure of sensitive information, or privilege escalation. Relevant ...

PT-2005-2058 · Freebsd · Freebsd

Name of the Vulnerable Software and Affected Versions: FreeBSD versions 5.x through 5.4 on AMD64 Description: The issue allows local users to bypass intended access restrictions, potentially causing a denial of service, obtaining sensitive information, and possibly gaining privileges due to the...

CVE-2005-0400

The ext2makeempty function call in the Linux kernel before 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block...

CVE-2005-0400

The CVE-2005-0400 issue affects the Linux kernel ext2 file system: ext2_make_empty does not initialize memory when allocating a new directory entry block, enabling local users to read potentially sensitive data from the block. The documented fix is in kernel update 2.6.11.6 (and related Red Hat/U...

Moderate: Red Hat Security Advisory: squirrelmail security update

An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. Jimmy Conner...

Low: Red Hat Security Advisory: squirrelmail security update

An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3. SquirrelMail is a standards-based webmail package written in PHP4. Jimmy Conner discovered a missing variable initialization in Squirrelmail. This flaw could allow potential insecur...

RHEL 3 : squirrelmail (RHSA-2005:135)

An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3. SquirrelMail is a standards-based webmail package written in PHP4. Jimmy Conner discovered a missing variable initialization in Squirrelmail. This flaw could allow potential insecur...

Debian DSA-580-1 : iptables - missing initialisation

Faheem Mitha noticed that the iptables command, an administration tool for IPv4 packet filtering and NAT, did not always load the required modules on its own as it was supposed to. This could lead to firewall rules not being loaded on system startup. This caused a failure in connection with rules...

Linux kernel USB drivers do not initialize kernel memory properly

Overview Various Linux USB drivers contain an information disclosure vulnerability that may expose sensitive segments of kernel memory to users. Description USB drivers for several versions the Linux kernel do not properly initialize kernel memory before using it. When an affected USB driver copi...

Debian DSA-117-1 : cvs - improper variable initialization

Kim Nielsen recently found an internal problem with the CVS server and reported it to the vuln-dev mailing list. The problem is triggered by an improperly initialized global variable. A user exploiting this can crash the CVS server, which may be accessed through the pserver service and running...

CVE-2004-0535

The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources...

CVE-2004-0535

The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources...

php -- memory_limit related vulnerability

Stefan Esser of e-matters discovered a condition within PHP that may lead to remote execution of arbitrary code. The memorylimit facility is used to notify functions when memory contraints have been met. Under certain conditions, the entry into this facility is able to interrupt functions such as...