Lucene search
K

42 matches found

F5 Networks
F5 Networks
added 2023/02/21 6:52 p.m.49 views

K08478022: Linux kernel vulnerability CVE-2017-7616

Security Advisory Description Incorrect error handling in the setmempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...

5.5CVSS5.5AI score0.00413EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/02/14 12:0 a.m.28 views

WAGO I/O-CHECK Insertion of Sensitive Information Into Sent Data (CVE-2019-5073)

An exploitable information exposure vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware versions 03.01.0713 and 03.00.3912, and WAGO PFC100 Firmware version 03.00.3912. A specially crafted set of packets can cause an external tool to fail, resulting in...

5.3CVSS5.8AI score0.01621EPSS
Exploits1References3
OSV
OSV
added 2022/05/24 4:49 p.m.34 views

GHSA-CF46-6XXH-PC75 libxslt Type Confusion vulnerability that affects Nokogiri

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. Nokogiri prior to version 1.10.5 used a vulnerable...

7.5CVSS6.7AI score0.05147EPSS
Exploits0References49
Github Security Blog
Github Security Blog
added 2022/05/24 4:49 p.m.42 views

libxslt Type Confusion vulnerability that affects Nokogiri

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. Nokogiri prior to version 1.10.5 used a vulnerable...

5.3CVSS2.5AI score0.05147EPSS
Exploits0References50Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.30 views

libxslt Type Confusion vulnerability that affects Nokogiri

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. Nokogiri prior to version 1.10.5 used a vulnerable...

5.3CVSS6.4AI score0.05147EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/02/07 5:15 a.m.26 views

CVE-2019-14060

Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due to lack of check of return value for read or write blob in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...

7.8CVSS7.7AI score0.00202EPSS
Exploits0References1
Prion
Prion
added 2020/02/07 5:15 a.m.23 views

Code injection

Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due to lack of check of return value for read or write blob in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...

7.2CVSS7.7AI score0.00202EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/02/07 5:0 a.m.29 views

CVE-2019-14060

Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due to lack of check of return value for read or write blob in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...

7.7AI score0.00202EPSS
Exploits0References1
CVE
CVE
added 2020/02/07 5:0 a.m.115 views

CVE-2019-14060

CVE-2019-14060 is a vulnerability described as uninitialized stack data usage when memory for a blob is not allocated or is smaller than the required struct, caused by a missing check of the return value for read/write blob operations in Qualcomm Snapdragon components (Android/Snapdragon Auto, Co...

7.8CVSS7.8AI score0.00202EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.30 views

Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2020-1017)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS6.8AI score0.06457EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/01/02 12:0 a.m.49 views

EulerOS 2.0 SP8 : libxslt (EulerOS-SA-2020-1017)

According to the versions of the libxslt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length...

5.3CVSS6.9AI score0.06457EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/07/19 12:0 a.m.36 views

SUSE SLED12 / SLES12 Security Update : libxslt (SUSE-SU-2019:1867-1)

This update for libxslt fixes the following issues : Security issues fixed : CVE-2019-13118: Fixed a read of uninitialized stack data bsc1140101. CVE-2019-13117: Fixed a uninitialized read which allowed to discern whether a byte on the stack contains certain special characters bsc1140095. Note th...

5.3CVSS6.9AI score0.06457EPSS
Exploits0References7
Veracode
Veracode
added 2019/05/02 6:36 a.m.32 views

Information Disclosure

Linux kernel is vulnerable to information disclosure. The vulnerability exists because of incorrect error handling in the setmempolicy and mbind compat syscalls in 'mm/mempolicy.c' in the Linux kernel. Local users could obtain sensitive information from uninitialized stack data by triggering...

5.5CVSS5.5AI score0.00421EPSS
Exploits0References45Affected Software2
Virtuozzo
Virtuozzo
added 2018/06/25 12:0 a.m.149 views

Important kernel security update: CVE-2018-10675 and other issues; new kernel 2.6.32-042stab131.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0

This update provides a new kernel 2.6.32-042stab131.1 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0 that is a rebase to the Red Hat Enterprise Linux 6.10 kernel 2.6.32-754.el6. The new kernel introduces security and stability fixes. Vulnerability id: CVE-2018-10675 The...

7.8CVSS7.9AI score0.01674EPSS
Exploits3References13
RedHat Linux
RedHat Linux
added 2018/06/19 4:58 a.m.6 views

kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c

Incorrect error handling in the setmempolicy and mbind compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...

5.5CVSS6.8AI score0.00413EPSS
Exploits0References4
Cvelist
Cvelist
added 2017/09/18 4:0 p.m.26 views

CVE-2017-0380

The rendserviceintroestablished function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to t...

5.7AI score0.01541EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/08/01 2:22 p.m.6 views

kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c

Incorrect error handling in the setmempolicy and mbind compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...

5.5CVSS6.8AI score0.00413EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/08/01 2:13 p.m.5 views

kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c

Incorrect error handling in the setmempolicy and mbind compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...

5.5CVSS6.8AI score0.00413EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2017/04/11 8:48 a.m.51 views

CVE-2017-7616

Incorrect error handling in the setmempolicy and mbind compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...

5.5CVSS3AI score0.00413EPSS
Exploits0References1
NVD
NVD
added 2017/04/10 2:59 p.m.20 views

CVE-2017-7616

Incorrect error handling in the setmempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...

5.5CVSS5.9AI score0.00413EPSS
Exploits0References8
Rows per page
Query Builder