Total
232 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12979 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2020-08-19 | 6.8 MEDIUM | 7.8 HIGH |
| ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c. | |||||
| CVE-2020-12301 | 1 Intel | 16 S2600bpbr, S2600bpbr Firmware, S2600bpqr and 13 more | 2020-08-19 | 4.6 MEDIUM | 8.2 HIGH |
| Improper initialization in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-12978 | 1 Imagemagick | 1 Imagemagick | 2020-08-18 | 6.8 MEDIUM | 7.8 HIGH |
| ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c. | |||||
| CVE-2019-12977 | 1 Imagemagick | 1 Imagemagick | 2020-08-18 | 6.8 MEDIUM | 7.8 HIGH |
| ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the WriteJP2Image function in coders/jp2.c. | |||||
| CVE-2020-8918 | 1 Google | 1 Go-tpm | 2020-08-18 | 3.6 LOW | 7.1 HIGH |
| An improperly initialized 'migrationAuth' value in Google's go-tpm TPM1.2 library versions prior to 0.3.0 can lead an eavesdropping attacker to discover the auth value for a key created with CreateWrapKey. An attacker listening in on the channel can collect both 'encUsageAuth' and 'encMigrationAuth', and then can calculate 'usageAuth ^ encMigrationAuth' as the 'migrationAuth' can be guessed for all keys created with CreateWrapKey. TPM2.0 is not impacted by this. We recommend updating your library to 0.3.0 or later, or, if you cannot update, to call CreateWrapKey with a random 20-byte value for 'migrationAuth'. | |||||
| CVE-2011-4087 | 1 Linux | 1 Linux Kernel | 2020-07-27 | 4.3 MEDIUM | 7.5 HIGH |
| The br_parse_ip_options function in net/bridge/br_netfilter.c in the Linux kernel before 2.6.39 does not properly initialize a certain data structure, which allows remote attackers to cause a denial of service by leveraging connectivity to a network interface that uses an Ethernet bridge device. | |||||
| CVE-2020-0586 | 1 Intel | 1 Server Platform Services | 2020-07-22 | 4.6 MEDIUM | 7.8 HIGH |
| Improper initialization in subsystem for Intel(R) SPS versions before SPS_E3_04.01.04.109.0 and SPS_E3_04.08.04.070.0 may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. | |||||
| CVE-2020-0529 | 1 Intel | 158 Core I5-7200u, Core I5-7200u Firmware, Core I5-7260u and 155 more | 2020-06-30 | 4.6 MEDIUM | 7.8 HIGH |
| Improper initialization in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an unauthenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-1761 | 1 Cisco | 2 Ios, Ios Xe | 2020-05-11 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker could exploit this vulnerability by receiving HSRPv2 traffic from an adjacent HSRP member. A successful exploit could allow the attacker to receive potentially sensitive information from the adjacent device. | |||||
| CVE-2011-3927 | 1 Google | 1 Chrome | 2020-05-07 | 7.5 HIGH | N/A |
| Skia, as used in Google Chrome before 16.0.912.77, does not perform all required initialization of values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2019-7240 | 1 Moo0 | 1 System Monitor | 2020-04-01 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in WinRing0x64.sys in Moo0 System Monitor 1.83. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x9C402088 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | |||||
| CVE-2019-7244 | 1 Aida64 | 1 Aida64 | 2020-04-01 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in kerneld.sys in AIDA64 before 5.99. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x80112084 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | |||||
| CVE-2019-7245 | 1 Techpowerup | 1 Gpu-z | 2020-04-01 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in GPU-Z.sys in TechPowerUp GPU-Z before 2.23.0. The vulnerable driver exposes a wrmsr instruction via an IOCTL and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | |||||
| CVE-2019-6190 | 1 Lenovo | 364 510-15ikl, 510-15ikl Firmware, 510s-08ikl and 361 more | 2020-03-16 | 2.1 LOW | 5.5 MEDIUM |
| Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled. | |||||
| CVE-2016-1000109 | 1 Facebook | 1 Hhvm | 2020-03-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. This issue affects HHVM versions prior to 3.9.6, all versions between 3.10.0 and 3.12.4 (inclusive), and all versions between 3.13.0 and 3.14.2 (inclusive). | |||||
| CVE-2019-15875 | 1 Freebsd | 1 Freebsd | 2020-03-04 | 2.1 LOW | 3.3 LOW |
| In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r354735, and 11.3-RELEASE before 11.3-RELEASE-p6, due to incorrect initialization of a stack data structure, core dump files may contain up to 20 bytes of kernel data previously stored on the stack. | |||||
| CVE-2013-1634 | 1 Intel | 2 82574l Controller, 82574l Controller Firmware | 2020-02-27 | 7.8 HIGH | 7.5 HIGH |
| A denial of service vulnerability exists in some motherboard implementations of Intel e1000e/82574L network controller devices through 2013-02-06 where the device can be brought into a non-processing state when parsing 32 hex, 33 hex, or 34 hex byte values at the 0x47f offset. NOTE: A followup statement from Intel suggests that the root cause of this issue was an incorrectly configured EEPROM image. | |||||
| CVE-2015-8367 | 1 Libraw | 1 Libraw | 2020-01-24 | 7.5 HIGH | 9.8 CRITICAL |
| The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization. | |||||
| CVE-2019-20063 | 1 Symonics | 1 Libmysofa | 2020-01-08 | 6.8 MEDIUM | 8.8 HIGH |
| hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json. | |||||
| CVE-2019-8540 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-12-30 | 7.1 HIGH | 5.5 MEDIUM |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout. | |||||