Lucene search
K

1109 matches found

Prion
Prion
added 2013/12/14 5:21 p.m.17 views

Session fixation

The bgpattrunknown function in bgpattr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service bgpd crash via a crafted BGP update...

4.3CVSS6.8AI score0.02245EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2013/11/20 4:35 p.m.4 views

wireshark: DoS (crash) in the ASN.1 BER dissector (wnpa-sec-2013-25, upstream #8599)

The dissectberchoice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service application crash via a malformed packet...

5CVSS5.9AI score0.03348EPSS
Exploits1References4
OSV
OSV
added 2013/10/17 11:55 p.m.6 views

CVE-2013-4368

The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information hypervisor stack content via unspecified vectors related to stale...

5.7AI score
Exploits0References9
UbuntuCve
UbuntuCve
added 2013/10/17 11:55 p.m.35 views

CVE-2013-4368

The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information hypervisor stack content via unspecified vectors related to stale...

1.9CVSS7.1AI score0.00367EPSS
Exploits0References3
Xen Project
Xen Project
added 2013/10/10 12:0 p.m.59 views

Information leak through outs instruction emulation

ISSUE DESCRIPTION The emulation of the outs instruction for 64-bit PV guests uses an uninitialized variable as the segment base for the source data if an FS: or GS: segment override is used, and if the segment descriptor the respective non-null selector in the corresponding selector register poin...

1.9CVSS0.8AI score0.00367EPSS
Exploits0Affected Software1
OSV
OSV
added 2013/09/11 12:0 a.m.26 views

DSA-2754-1 exactimage - denial of service

Bulletin has no description...

4.3CVSS9.4AI score0.01261EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2013/07/16 6:21 p.m.3 views

Kernel: atm: update msg_namelen in vcc_recvmsg()

The vccrecvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

4.9CVSS6.4AI score0.00392EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/07/10 3:49 a.m.3 views

Kernel: Bluetooth: possible info leak in bt_sock_recvmsg()

The btsockrecvmsg function in net/bluetooth/afbluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

4.9CVSS6.4AI score0.00392EPSS
Exploits0References4
OSV
OSV
added 2013/05/25 3:18 a.m.3 views

DEBIAN-CVE-2013-3557

The dissectberchoice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service application crash via a malformed packet...

5CVSS7.3AI score0.03348EPSS
Exploits1References1
OSV
OSV
added 2013/05/02 2:55 p.m.1 views

DEBIAN-CVE-2013-1884

The moddavsvn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service segmentation fault and crash via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable...

5CVSS7.9AI score0.50538EPSS
Exploits0References1
Cvelist
Cvelist
added 2013/05/02 2:0 p.m.27 views

CVE-2013-1884

The moddavsvn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service segmentation fault and crash via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable...

6.2AI score0.50538EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2013/05/02 12:0 a.m.33 views

CVE-2013-1884

The moddavsvn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service segmentation fault and crash via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable...

5CVSS7.2AI score0.50538EPSS
Exploits0References3
OSV
OSV
added 2013/04/22 11:41 a.m.6 views

CVE-2013-3228

The irdarecvmsgdgram function in net/irda/afirda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

5.9AI score
Exploits0References11
OSV
OSV
added 2013/04/22 12:0 a.m.1 views

UBUNTU-CVE-2013-3222

The vccrecvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

4.9CVSS6.4AI score0.00392EPSS
Exploits0References16
OSV
OSV
added 2013/04/12 10:55 p.m.1 views

DEBIAN-CVE-2012-6139

libxslt before 1.1.28 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an 1 empty match attribute in a XSL key to the xsltAddKey function in keys.c or 2 uninitialized variable to the xsltDocumentFunction function in functions.c...

5CVSS8.8AI score0.0446EPSS
Exploits1References1
Prion
Prion
added 2013/04/12 10:55 p.m.22 views

Null pointer dereference

libxslt before 1.1.28 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an 1 empty match attribute in a XSL key to the xsltAddKey function in keys.c or 2 uninitialized variable to the xsltDocumentFunction function in functions.c...

5CVSS7AI score0.0446EPSS
Exploits1References19Affected Software2
Cvelist
Cvelist
added 2013/04/12 10:0 p.m.34 views

CVE-2012-6139

libxslt before 1.1.28 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an 1 empty match attribute in a XSL key to the xsltAddKey function in keys.c or 2 uninitialized variable to the xsltDocumentFunction function in functions.c...

9.1AI score0.0446EPSS
Exploits1References19
Debian CVE
Debian CVE
added 2013/04/12 10:0 p.m.34 views

CVE-2012-6139

libxslt before 1.1.28 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an 1 empty match attribute in a XSL key to the xsltAddKey function in keys.c or 2 uninitialized variable to the xsltDocumentFunction function in functions.c...

5CVSS9.2AI score0.0446EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2013/03/26 12:0 a.m.43 views

CVE-2012-6139

libxslt before 1.1.28 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an 1 empty match attribute in a XSL key to the xsltAddKey function in keys.c or 2 uninitialized variable to the xsltDocumentFunction function in functions.c...

5CVSS7.2AI score0.0446EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2012/11/26 12:0 a.m.21 views

Fedora 18 : viewvc-1.1.17-2.fc18 (2012-16646)

Patch CVE-2012-4533. Version 1.1.16 - security fix: escape 'extra' diff info to avoid XSS attack issue 515 - add 'binarymimetypes' configuration option and handling issue 510 - fix 'select for diffs' persistence across log pages issue 512 - remove lock status and filesize check on directories in...

4.3CVSS5.4AI score0.03085EPSS
Exploits0References3
Rows per page
Query Builder