Lucene search

1320 matches found

CVE
added 2019/07/26 4:39 a.m. · 452 views

CVE-2018-20855

CVE-2018-20855 affects the Linux kernel before 4.18.7. In the mlx5 InfiniBand driver, mlx5_ib_create_qp_resp in create_qp_common was never initialized, leaking stack memory to userspace. Upstream fix shipped with kernel 4.18.7 (commit 0625b4ba1a5d4703c7fb01c497bd6c156908af00). Mitigation: upgrade to 4.18.7+ or ap...

CVSS 3.3 · AI score 4.8 · EPSS 0.00463
Exploits: 0 · References: 6 · Affected Software: 1

OSV
added 2019/07/03 7:15 p.m. · 6 views

CVE-2019-5601

In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the FFS implementation causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding...

CVSS 6.5 · AI score 6.5 · EPSS 0.01567
Exploits: 0 · References: 2

CVE
added 2019/07/03 6:51 p.m. · 189 views

CVE-2019-5601

CVE-2019-5601 affects FreeBSD: kernel stack leakage in the UFS/FFS code. A bug in the FFS implementation can cause up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding, potentially exposing stack data. Impact: kernel stack disclosure; attacker ac...

CVSS 6.5 · AI score 6.2 · EPSS 0.01567
Exploits: 0 · References: 2 · Affected Software: 1

Debian CVE
added 2019/07/03 6:51 p.m. · 20 views

CVE-2019-5601

Removed by vendor...

CVSS 6.5 · AI score 6.5 · EPSS 0.01567
Exploits: 0

Cvelist
added 2019/06/27 2:21 p.m. · 34 views

CVE-2019-7228

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack...

AI score 8.8 · EPSS 0.03713
Exploits: 2 · References: 5

Hacker One
added 2019/06/21 2:53 a.m. · 57 views

Internet Bug Bounty: Uninitialized read in gdImageCreateFromXbm

This bug is present in gdImageCreateFromXbm method of ext/gd/libgd/gdxbm.c file. This method contains below mentioned lines.

```c
...
unsigned int b;
...
sscanf(h, "%x", &b);
for (bit = 1; bit <= max_bit; bit = bit << 1)
    gdImageSetPixel(im, x++, y, (b & bit) ? 1 : 0);
...
```

So when sscanf method is not able to rea...

CVSS 5 · AI score 6.2 · EPSS 0.04332
Exploits: 1

Tenable Nessus
added 2019/06/18 12:0 a.m. · 39 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1534-1) (SACK Panic) (SACK Slowness)

The SUSE Linux Enterprise 12 SP2 kernel version 4.4.121 was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel...

CVSS 9.3 · AI score 6.7 · EPSS 0.98745
Exploits: 10 · References: 46

OSV
added 2019/06/15 12:0 p.m. · 16 views

RUSTSEC-2019-0005 Format string vulnerabilities in `pancurses`

pancurses::mvprintw and pancurses::printw pass a pointer from a Rust &str to C, allowing hostile input to execute a format string attack, which trivially allows writing arbitrary data to stack memory...

CVSS 7.5 · AI score 7.5 · EPSS 0.01148
Exploits: 0 · References: 3

RustSec
added 2019/06/15 12:0 p.m. · 29 views

Format string vulnerabilities in `pancurses`

pancurses::mvprintw and pancurses::printw pass a pointer from a Rust &str to C, allowing hostile input to execute a format string attack, which trivially allows writing arbitrary data to stack memory...

CVSS 7.5 · AI score 6.4 · EPSS 0.01148
Exploits: 0 · Affected Software: 1

OSV
added 2019/06/15 12:0 p.m. · 23 views

RUSTSEC-2019-0006 Buffer overflow and format vulnerabilities in functions exposed without unsafe

ncurses exposes functions from the ncurses library which: - Pass buffers without length to C functions that may write an arbitrary amount of data, leading to a buffer overflow (instr, mvwinstr, etc.). - Pass Rust &str to strings expecting C format arguments, allowing hostile input to execute a...

CVSS 9.8 · AI score 8.7 · EPSS 0.01615
Exploits: 0 · References: 3

Positive Technologies
added 2019/06/13 12:0 a.m. · 4 views

PT-2019-2567 · Abb · Abb Idal Ftp Server

Name of the Vulnerable Software and Affected Versions: ABB IDAL HTTP server affected versions not specified Description: The issue is related to the mishandling of format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%2...

CVSS 8.8 · AI score 8.8 · EPSS 0.03713
Exploits: 2 · References: 10

Positive Technologies
added 2019/06/13 12:0 a.m. · 2 views

PT-2019-2568 · Abb · Abb Idal Ftp Server

Name of the Vulnerable Software and Affected Versions: ABB IDAL FTP server affected versions not specified Description: The issue is related to the mishandling of format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the...

CVSS 8.8 · AI score 8.7 · EPSS 0.03713
Exploits: 2 · References: 11

Tenable Nessus
added 2019/05/31 12:0 a.m. · 45 views

Amazon Linux AMI : kernel (ALAS-2019-1214)

A flaw was found in the Linux kernel's freescale hypervisor manager implementation. A parameter passed to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system or corrupt memory or, possibly, create...

CVSS 8.3 · AI score 6.3 · EPSS 0.03844
Exploits: 2 · References: 6

Tenable Nessus
added 2019/05/13 12:0 a.m. · 296 views

EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1516)

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows loca...

CVSS 10 · AI score 7.2 · EPSS 0.17827
Exploits: 36 · References: 21

OSV
added 2019/05/10 10:29 p.m. · 9 views

CVE-2019-11884

The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character...

CVSS 3.3 · AI score 7.2
Exploits: 0 · References: 23

NVD
added 2019/05/10 10:29 p.m. · 19 views

CVE-2019-11884

The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character...

CVSS 3.3 · AI score 5.7 · EPSS 0.00495
Exploits: 0 · References: 23

Tenable Nessus
added 2019/05/10 12:0 a.m. · 38 views

EulerOS Virtualization 2.5.3 : kvm (EulerOS-SA-2019-1369)

According to the version of the kvm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An information leakage issue was found in the way Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructio...

CVSS 5.5 · AI score 6.5 · EPSS 0.00678
Exploits: 1 · References: 2

Veracode
added 2019/05/02 6:36 a.m. · 27 views

Information Disclosure

QEMU is vulnerable to information disclosure attacks. This is because the patch_instruction function in hw/i386/kvmvapic.c does not initialize the imm32 variable, which allows a local attacker to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR)...

CVSS 6.5 · AI score 5.9 · EPSS 0.00375
Exploits: 0 · References: 219 · Affected Software: 1

Cvelist
added 2019/03/09 12:0 a.m. · 16 views

CVE-2019-8277

UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be...

AI score 7.5 · EPSS 0.02974
Exploits: 0 · References: 6

NVD
added 2019/03/08 11:29 p.m. · 15 views

CVE-2019-8277

UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be...

CVSS 7.5 · AI score 8.7 · EPSS 0.02974
Exploits: 0 · References: 6