CVE-2019-10844

nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries aka nnabla through v1.0.14 relies on the HOME environment variable, which might be untrusted...

CVE-2019-10844

CVE-2019-10844 affects Sony Neural Network Libraries (nnabla) – nbla/logger.cpp in libnnabla.a up to v1.0.14. The root cause is that code relies on the HOME environment variable, which is untrusted, enabling potential influence on behavior via the user’s HOME value. Public references in Red Hat a...

Sony Neural Network Libraries Input Validation Error Vulnerability

Neural Network Libraries is a deep learning framework designed for research, development and production. An input validation error vulnerability exists in nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries nnabla 1.0.14 and earlier. The vulnerability stems from the software's...

CVE-2018-3613

Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access...

CVE-2018-3613

Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access...

UBUNTU-CVE-2018-3613

Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access...

Information disclosure

Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access...

CVE-2018-3613

CVE-2018-3613 is reported in multiple advisories (notably EDK II/UDK UEFI firmware). The underlying issue is a logic error in the EDK II Variable service module for EDK II/UDK2018/UDK2017/UDK2015. Exploitation could allow an authenticated user to escalate privileges, disclose information, or caus...

CVE-2018-3613

Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access...

PT-2019-18719 · Green Hills +1 · Integrity Rtos +1

Name of the Vulnerable Software and Affected Versions: Green Hills INTEGRITY RTOS version 5.0.4 Description: An issue was discovered in the Interpeak IPCOMShell TELNET server. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to...

Insecure Variable Comparison

Caucho Quercus uses an insecure variable comparison. When using the == operator for comparison of variables of various types, there is a possibility of variable comparisons to always result in a TRUE state...

DEBIAN-CVE-2019-9924

rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASHCMDS, thus allowing the user to execute any command with the permissions of the shell...

March 12, 2019—KB4489891 (Monthly Rollup)

March 12, 2019—KB4489891 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4487024 released February 19, 2019 and addresses the following issues: Addresses an issue that may prevent the Event Viewer from showing some event...

CVE-2019-9639

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exifprocessIFDinMAKERNOTE because of mishandling the datalen variable...

CVE-2019-9639

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exifprocessIFDinMAKERNOTE because of mishandling the datalen variable...

FreeBSD : OpenSSL -- ChaCha20-Poly1305 nonce vulnerability (e56f2f7c-410e-11e9-b95c-b499baebfeaf)

The OpenSSL project reports : Low: ChaCha20-Poly1305 with long nonces CVE-2019-1543 ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length...

OpenSSL -- ChaCha20-Poly1305 nonce vulnerability

The OpenSSL project reports: Low: ChaCha20-Poly1305 with long nonces CVE-2019-1543 ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length a...

The vulnerability of Visual Studio Code’s source editor, related to a bug in file handling after opening a project, allows attackers to modify file access rights and execute arbitrary code.

The vulnerability of Visual Studio Code’s source editor is related to a error in variable handling after a project is opened. Exploiting this vulnerability could allow an attacker to modify file access rights and execute arbitrary code...

Ansible Code Execution Vulnerability

Ansible is a computer system configuration manager that can be used to publish, manage, and orchestrate computer systems. A security vulnerability exists in Ansible that originates when the system loads an inventory variable from the current working directory when running the ad-hoc command. An...

DEBIAN-CVE-2019-9026

An issue was discovered in libmatio.a in matio aka MAT File I/O Library 1.5.13. There is a heap-based buffer overflow in the function InflateVarName in inflate.c when called from ReadNextCell in mat5.c...