269 matches found

OSV
added 2021/11/16 7:15 p.m. · 2 views

CVE-2020-12961

A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections...

CVSS 7.8 · AI score 5.8 · EPSS 0.0024
Exploits: 0 · References: 1
NVD
added 2021/11/16 7:15 p.m. · 16 views

CVE-2020-12961

A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections...

CVSS 7.8 · EPSS 0.0024
Exploits: 0 · References: 1
OSV
added 2021/10/25 2:15 p.m. · 2 views

DEBIAN-CVE-2021-0938

In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android...

CVSS 5.5 · AI score 5.8 · EPSS 0.0015
Exploits: 0 · References: 1
OSV
added 2021/09/24 12:0 p.m. · 11 views

RUSTSEC-2021-0115 `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s

Affected versions of this crate did not implement Drop when `#[zeroize(drop)]` was used on an enum. This can result in memory not being zeroed out after dropping it, which is exactly what is intended when adding this attribute. The flaw was corrected in version 1.2 and `#[zeroize(drop)]` on enums now properly...

CVSS 9.8 · AI score 9.4 · EPSS 0.01191
Exploits: 0 · References: 3
CloudLinux
added 2021/09/21 10:6 p.m. · 56 views

Fix of CVE: CVE-2021-33909

ELS-130: netfilter: xtables: add missing tables zeroing - CLKRN-800: CVE-2021-33909: seqfile: disallow extremely large seq buffer allocation...

CVSS 7.8 · AI score 2.8 · EPSS 0.09808
Exploits: 6 · References: 1
OSV
added 2021/09/21 10:6 p.m. · 3 views

CLSA-2021-1632261987 Fix of CVE: CVE-2021-33909

ELS-130: netfilter: xtables: add missing tables zeroing - CLKRN-800: CVE-2021-33909: seqfile: disallow extremely large seq buffer allocation...

CVSS 7.8 · AI score 7.1 · EPSS 0.09808
Exploits: 6 · References: 1
CloudLinux
added 2021/09/21 10:6 p.m. · 65 views

Fix of CVE: CVE-2021-33909

ELS-130: netfilter: xtables: add missing tables zeroing - CLKRN-800: CVE-2021-33909: seqfile: disallow extremely large seq buffer allocation...

CVSS 7.8 · AI score 2.8 · EPSS 0.09808
Exploits: 6 · References: 1
MSRC
added 2021/01/11 6:49 p.m. · 41 views

Building Faster AMD64 Memset Routines

Over the past several years, Microsoft has rolled out several changes that result in more memory being zeroed. These mitigations include: The InitAll mitigation which zeros most stack variables; Switching most Microsoft kernel code over to the ExAllocatePool2/ExAllocatePool3 API’s which zero memor...

AI score 3.3
Exploits: 0
MSRC
added 2021/01/11 8:0 a.m. · 15 views

Building Faster AMD64 Memset Routines

Over the past several years, Microsoft has rolled out several changes that result in more memory being zeroed. These mitigations include: The InitAll mitigation which zeros most stack variables; Switching most Microsoft kernel code over to the ExAllocatePool2/ExAllocatePool3 API’s which zero memor...

AI score 4.4
Exploits: 0
Positive Technologies
added 2020/04/30 12:0 a.m. · 4 views

PT-2020-13033 · Xt · Xt:Commerce

Name of the Vulnerable Software and Affected Versions: xt:Commerce versions 5.1 through 6.2.2 Description: The issue allows remote authenticated users to manipulate the id field in the POST request for altering an address, enabling them to zero out other users' stored addresses. Recommendations:...

CVSS 4.3 · AI score 6.8 · EPSS 0.01986
Exploits: 3 · References: 9
OSV
added 2019/08/13 4:40 p.m. · 6 views

USN-4095-2 linux-lts-xenial, linux-aws vulnerabilities

USN-4095-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux...

CVSS 9.8 · AI score 7.3 · EPSS 0.06821
Exploits: 6 · References: 8
Tenable Nessus
added 2019/07/23 12:0 a.m. · 71 views

Ubuntu 19.04 : Linux kernel vulnerabilities (USN-4069-1)

It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487) Jann Horn discovered that ...

CVSS 7.8 · AI score 7 · EPSS 0.00989
Exploits: 4 · References: 5
Tenable Nessus
added 2019/06/18 12:0 a.m. · 62 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1527-1) (SACK Panic) (SACK Slowness)

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.180 to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586)...

CVSS 9.3 · AI score 6.7 · EPSS 0.98745
Exploits: 10 · References: 124
Packet Storm
added 2019/05/16 12:0 a.m. · 67 views

JetAudio jetCast Server 2.0 Buffer Overflow

Title: JetAudio jetCast Server 2.0 'Log Directory' Local SEH Alphanumeric Encoded Buffer Overflow Date: May 13th, 2019 Author: Connor McGarr https://connormcgarr.github.io Vendor Homepage: http://www.jetaudio.com/ Software Link:...

AI score 0.1
Exploits: 0
OSV
added 2017/01/30 9:59 p.m. · 2 views

UBUNTU-CVE-2016-9939

Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will b...

CVSS 7.5 · AI score 7.1 · EPSS 0.04202
Exploits: 0 · References: 4
Hacker One
added 2016/09/14 11:57 a.m. · 16 views

Paragon Initiative Enterprises: Not clearing hex-decoded variable after usage in Authentication

All the sensitive information variables are zeroed from memory, except the hex2bin value of "validator". https://github.com/paragonie/airship/blob/8f04f071c414c3893cf66311839d20a343af1237/src/Engine/Security/Authentication.php#L223-L236 $stored = \Sodium\hex2bin$record$f'validator';...

AI score 0.7
Exploits: 0
Hacker One
added 2016/02/10 12:2 p.m. · 29 views

Tor: [tor] pre-emptive defenses, potential vulnerabilities

Replacing all tor_malloc calls with tor_calloc and tor_malloc_zero
Zeroing memory upon allocating it will prevent vulnerabilities that consist of transmitting data buffers which are not wholly initialized with the intended data or contain...

AI score 7.7
Exploits: 0
securityvulns
added 2015/04/07 12:0 a.m. · 31 views

MIT Kerberos 5 multiple potential security vulnerabilities

Memory leaks, insufficient memory zeroing, etc...

AI score 3.9
Exploits: 0 · References: 1 · Affected Software: 1
Ubuntu
added 2014/04/08 12:8 a.m. · 68 views

USN-2124-2: OpenJDK 6 regression

USN-2124-1 fixed vulnerabilities in OpenJDK 6. Due to an upstream regression, memory was not properly zeroed under certain circumstances which could lead to instability. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A vulnerability was discovered in...

AI score 6.3
Exploits: 0 · References: 1
securityvulns
added 2011/01/19 12:0 a.m. · 64 views

[SECURITY] [DSA 2148-1] Security update for tor

Debian Security Advisory DSA-2148-1 http://www.debian.org/security/ Moritz Muehlenhoff January 17, 2011 http://www.debian.org/security/faq -...

CVSS 6.8 · AI score 2.2 · EPSS 0.04444
Exploits: 0