SUSE: Security Advisory (SUSE-SU-2021:2791-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-5045-1: Linux kernel vulnerabilities

Norbert Slusarek discovered that the CAN broadcast manger bcm protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information kernel memory. CVE-2021-34693 It was discovered that the bluetooth...

Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-5044-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5044-1 advisory. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a...

CVE-2021-37682

TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. For example. The issue stems from the fact that quantization.params is only valid if quantization.type is different that...

CVE-2021-0061

Improper initialization in some IntelR Graphics Driver before version 27.20.100.9030 may allow an authenticated user to potentially enable escalation of privilege via local access...

Intel Graphics Drivers 安全漏洞

Intel Graphics Drivers is an integrated graphics driver from Intel Corporation USA. A security vulnerability exists in Intel Graphics Driver for Windows, which is due to an initialization error. A local user can run a specially designed application to execute arbitrary code on the system using...

Potential for market to be created but never initialized

Handle loop Vulnerability details Impact Multiple markets can be created before being initialized since createNewSyntheticMarket and initializeMarket are separate functions. The SyntheticTokens used in initialization will however always be those of the latest market created. Proof of Concept Let'...

Synths minted to the wrong market when initializing

Handle 0xImpostor Vulnerability details Impact Synthetix tokens are not minted to the correct market index since the creation of the synth market and the initialization are 2 separate steps. Proof of Concept 1. Create 2 synth market without initializing them 2. Call initializeMarket twice 3. Synt...

latestMarket used where marketIndex should have been used

Handle gpersoon Vulnerability details Impact The functions initializeMarket and seedMarketInitially use the variable latestMarket. If these functions would be called seperately from createNewSyntheticMarket, then latestMarket would have the same value for each call of initializeMarket and...

DEBIAN-CVE-2021-28216

BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE...

UBUNTU-CVE-2021-28216

BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE...

Tianocore Edk2 安全漏洞

Tianocore Edk2 is a cross-platform firmware development environment from the Tianocore community that follows the UEFI and PI specifications. A security vulnerability exists in Tianocore Edk2 that allows an attacker to access sensitive data...

The vulnerability of the fetchmail reception and forwarding utility, related to incorrect resource initialization, allows a hacker to gain access to confidential information.

The vulnerability of the fetchmail reception and forwarding utility is related to incorrect initialization of the resource. Exploiting this vulnerability can allow an attacker to access confidential information...

Parallels Desktop Toolgate Uninitialized Memory Information Leakage Vulnerability

A security vulnerability exists within Parallels Desktop Toolgate Uninitialized, which stems from the product's failure to properly initialize the memory of the Toolgate component. A local attacker could gain access to sensitive information through this vulnerability...

The vulnerability of the Packet Forwarding Engine (PFE) module in Juniper Networks’ Junos OS-based routers of the PTX and QFX10K series allows a hacker to induce a service failure.

The vulnerability of the Packet Forwarding Engine PFE module in Juniper Networks’ Junos OS-based routers of the PTX and QFX10K series is related to initialization errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

GHSA-6CJ2-92M5-7MVP Improperly Controlled Modification of Object Prototype Attributes

Impact The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. Patches [email protected] patched it, anyone used think-config should...

CVE-2021-31503

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 package 16.6.3.134. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...

GSD-2021-1001270 NFSv4: Initialise connection to the server in nfs4_alloc_client()

NFSv4: Initialise connection to the server in nfs4allocclient This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.52 by commit...

UVI-2021-1001197 NFSv4: Initialise connection to the server in nfs4_alloc_client()

NFSv4: Initialise connection to the server in nfs4allocclient This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.13.4 by commit...

GSD-2021-1001181 cpufreq: CPPC: Fix potential memleak in cppc_cpufreq_cpu_init

cpufreq: CPPC: Fix potential memleak in cppccpufreqcpuinit This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.13.4 by commit...