(Pwn2Own) Parallels Desktop Toolgate Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within t...

openSUSE 15 Security Update : qemu (openSUSE-SU-2021:2591-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2591-1 advisory. - QEMU 5.0.0 has a heap-based Buffer Overflow in flatviewreadcontinue in exec.c because hw/sd/sdhci.c mishandles a write operation in the...

CVE-2021-36386

reportvbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf valist argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any...

DEBIAN-CVE-2021-36386

reportvbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf valist argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any...

CVE-2021-36386

reportvbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf valist argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any...

CVE-2021-36386

reportvbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf valist argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any...

Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3.

...

Denial Of Service(DoS)

Fetchmail is vulnerable to denial of service. reportvbuild in report.c sometimes omits initialization of the vsnprintf valist argument, allowing mail servers to cause a denial of service or possibly have unspecified other impact via long error messages...

Adobe Media Encoder MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Adobe Photoshop MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

Adobe After Effects MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Adobe Prelude MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Prelude. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...

Insecure Default Initialization of Resource

As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be ke...

mod_auth_openidc 安全特征问题漏洞

modauthopenidc is a software application. It is an authentication/authorization module for the Apache 2.x HTTP server that is used as an OpenID Connect dependency to authenticate users against the OpenID Connect provider. A security vulnerability exists in Zmartzone modauthopenidc that stems from...

SUSE: Security Advisory (SUSE-SU-2021:2448-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2021:2448-1 Security update for qemu

This update for qemu fixes the following issues: Security fixes: - CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure tftp bsc1187366 - CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure bootp bsc1187364 -...

SUSE SLES12: qemu / qemu-block-curl / qemu-block-rbd / qemu-block-ssh / etc (SUSE-SU-2021:2428-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2428-1 advisory. - CVE-2021-3595: Fixed an invalid pointer initialization may lead to information disclosure tftp. bsc1187366 - CVE-2021-3592: Fixed an invalid...

SUSE-SU-2021:2442-1 Security update for qemu

This update for qemu fixes the following issues: - CVE-2021-3582: Fix possible mremap overflow in the pvrdma bsc1187499 - CVE-2021-3607: Ensure correct input on ring init bsc1187539 - CVE-2021-3608: Fix the ring init error flow bsc1187538 - CVE-2021-3611: Fix intel-hda segmentation fault due to...

PT-2024-11293 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A slab-out-of-bounds issue has been resolved in the Linux kernel. The issue was observed while running self-tests on a KASAN enabled kernel, where a slab-out-of-bounds splat was...

Ubuntu 20.04 LTS : libslirp vulnerabilities (USN-5009-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5009-1 advisory. Qiuhao Li discovered that libslirp incorrectly handled certain header data lengths. An attacker inside a guest could possibly use this issue to leak...