This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.
Īn array out-of-bounds access in all Qualcomm products with Android releases from CAF using the Linux kernel can potentially occur in a camera driver.Īn information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.
The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via. NOTE: the vendor has disputed this as described in libyal/libfsntfs. ** DISPUTED ** The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs i.
** DISPUTED ** The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described i. ** DISPUTED ** The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsnt. ** DISPUTED ** The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.5. Reference: N-CVE-2018-6254.Īn Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver.
In Android before the security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information disclosure. IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unspecified vectors. Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.Īn information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE. It is possible to use a different authentication method to submit a job than the administrator has specified.
HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. ** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the s. The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP.
MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack.