210 matches found
CVE-2019-15875
In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r354735, and 11.3-RELEASE before 11.3-RELEASE-p6, due to incorrect initialization of a stack data structure, core dump files may contain up to 20 bytes of kernel da...
FreeBSD : FreeBSD -- kernel stack data disclosure (6025d173-4279-11ea-b184-f8b156ac3ff9)
Due to incorrect initialization of a stack data structure, up to 20 bytes of kernel data stored previously stored on the stack will be exposed to a crashing user process. Impact : Sensitive kernel data may be disclosed. C Tenable Network Security, Inc. The descriptive text and package checks in...
CVE-2019-14060
Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due to lack of check of return value for read or write blob in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...
Code injection
Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due to lack of check of return value for read or write blob in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...
CVE-2019-14060
CVE-2019-14060 is a vulnerability described as uninitialized stack data usage when memory for a blob is not allocated or is smaller than the required struct, caused by a missing check of the return value for read/write blob operations in Qualcomm Snapdragon components (Android/Snapdragon Auto, Co...
CVE-2019-14060
Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due to lack of check of return value for read or write blob in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...
FreeBSD -- kernel stack data disclosure
Problem Description: Due to incorrect initialization of a stack data structure, up to 20 bytes of kernel data stored previously stored on the stack will be exposed to a crashing user process. Impact: Sensitive kernel data may be disclosed...
Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2020-1017)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP8 : libxslt (EulerOS-SA-2020-1017)
According to the versions of the libxslt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length...
CVE-2019-5073
An exploitable information exposure vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.0713 and 03.00.3912, and WAGO PFC100 Firmware version 03.00.3912. A specially crafted set of packets can cause an external tool to fail, resulting in...
CVE-2019-5073
An exploitable information exposure vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.0713 and 03.00.3912, and WAGO PFC100 Firmware version 03.00.3912. A specially crafted set of packets can cause an external tool to fail, resulting in...
EulerOS Virtualization for ARM 64 3.0.2.0 : libxslt (EulerOS-SA-2019-1929)
According to the versions of the libxslt packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an...
gd: Information disclosure in gdImageCreateFromXbm()
When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized...
kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
A flaw was found in the Linux kernel's implementation of Logical Link Control and Adaptation Protocol L2CAP, part of the Bluetooth stack. An attacker, within the range of standard Bluetooth transmissions, can create and send a specially crafted packet. The response to this specially crafted packe...
SUSE SLED12 / SLES12 Security Update : libxslt (SUSE-SU-2019:1867-1)
This update for libxslt fixes the following issues : Security issues fixed : CVE-2019-13118: Fixed a read of uninitialized stack data bsc1140101. CVE-2019-13117: Fixed a uninitialized read which allowed to discern whether a byte on the stack contains certain special characters bsc1140095. Note th...
CVE-2019-13118
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data...
DEBIAN-CVE-2019-13118
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data...
CVE-2019-13118
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data...
CVE-2019-13118
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data...
CVE-2019-13118
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data...