
121 matches found

Positive Technologies
added 2022/08/29 12:0 a.m. · 2 views

PT-2022-13442 · Apache · Apache CouchDB

Name of the Vulnerable Software and Affected Versions: Apache CouchDB affected versions not specified Description: The issue is related to an insecure default initialization of resources in Apache CouchDB, which could allow an attacker to elevate their privileges to the administrator level...

6.8 AI score
Exploits 0 · References 1

RubySec
added 2022/05/24 12:0 a.m. · 19 views

Missing Initialization of Resource in Apache Arrow

While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...

7.5 CVSS · 2.7 AI score · 0.05281 EPSS
Exploits 0 · References 1 · Affected Software 1

CNVD
added 2022/05/19 12:0 a.m. · 19 views

Linux kernel resource initialization vulnerability

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel version 5.17.5 and prior versions have a security vulnerability that stems from a missing initialization of kiocb->private in io_rw_init_file in fs/io_uring.c. No detailed vulnerability details a...

7.8 CVSS · 3.3 AI score · 0.01656 EPSS
Exploits 1 · References 1

Github Security Blog
added 2022/05/13 1:47 a.m. · 28 views

Insecure Default Initialization of Resource in Pivotal Spring Web Flow

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property, which is disabled by default (i.e., set to 'false'), can be vulnerable to malicious EL expressions in view states that process form...

5.9 CVSS · 2.8 AI score · 0.00183 EPSS
Exploits 1 · References 4 · Affected Software 1

OSV
added 2022/05/13 1:47 a.m. · 24 views

GHSA-Q4V9-QJMW-J7VF Insecure Default Initialization of Resource in Pivotal Spring Web Flow

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property, which is disabled by default (i.e., set to 'false'), can be vulnerable to malicious EL expressions in view states that process form...

5.9 CVSS · 5.8 AI score · 0.00183 EPSS
Exploits 1 · References 3

Github Security Blog
added 2022/01/06 10:18 p.m. · 24 views

Missing Initialization of Resource in pnet

An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault upon attempted dereference of an uninitialized descriptor because of an erroneous IcmpTransportChannelIterator compiler optimization...

7.5 CVSS · 2.1 AI score · 0.00468 EPSS
Exploits 0 · References 5 · Affected Software 1

BDU FSTEC
added 2021/08/05 12:0 a.m. · 0 views

The vulnerability of the fetchmail reception and forwarding utility, related to incorrect resource initialization, allows a hacker to gain access to confidential information.

The vulnerability of the fetchmail reception and forwarding utility is related to incorrect initialization of the resource. Exploiting this vulnerability can allow an attacker to access confidential information...

6.1 CVSS · 0.0026 EPSS
Exploits 0 · References 7 · Affected Software 3

GitLab Advisory Database
added 2021/07/26 12:0 a.m. · 24 views

Insecure Default Initialization of Resource

As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be ke...

8.8 CVSS · 4 AI score · 0.00429 EPSS
Exploits 1 · References 5 · Affected Software 1

BDU FSTEC
added 2021/04/06 12:0 a.m. · 0 views

The vulnerability of NETGEAR EX7700 wireless network repeater software, related to insecure resource initialization, allows an intruder to gain unauthorized access to protected information.

The vulnerability of NETGEAR EX7700 Wi-Fi network repeater software’s microprogramming system is related to an insecure resource initialization process. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access to protected information...

5.5 CVSS · 0.00328 EPSS
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2021/02/23 12:0 a.m. · 0 views

The vulnerability of Intel Ethernet I210 controller’s microprogramming software, related to incorrect resource initialization, allows a hacker to trigger a service failure.

The vulnerability of Intel Ethernet I210 controller’s microprogramming software is related to incorrect initialization of resources. Exploiting this vulnerability can allow an attacker to cause service failures...

6.7 CVSS · 0.00055 EPSS
Exploits 0 · References 3 · Affected Software 1

NVD
added 2020/12/17 11:15 p.m. · 7 views

CVE-2020-12523

On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports g...

9.1 CVSS · 6.4 AI score · 0.00378 EPSS
Exploits 0 · References 1

Cvelist
added 2020/12/17 10:43 p.m. · 7 views

CVE-2020-12523 Phoenix Contact mGuard Devices versions before 8.8.3: LAN ports get functional after reboot even if they are disabled in the device configuration

On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports g...

5.4 CVSS · 9.2 AI score · 0.00378 EPSS
Exploits 0 · References 1

CVE
added 2020/12/17 10:43 p.m. · 48 views

CVE-2020-12523

Affected product: Phoenix Contact mGuard Devices (versions before 8.8.3) with LAN ports or an integrated LAN switch. Root cause: On reboot, the device exhibits Missing Initialization of Resource, causing LAN ports that were disabled by configuration to become functional again. In devices with an ...

9.1 CVSS · 7.3 AI score · 0.00378 EPSS
Exploits 0 · References 1 · Affected Software 1

BDU FSTEC
added 2020/12/01 12:0 a.m. · 0 views

The vulnerability of microprogramming software, including Intel Converged Security and Manageability Engine (CSME), Intel Trusted Execution Engine (TXE), and Intel Server Platform Services (SPS), arises from insecure resource initialization, allowing attackers to escalate their privileges.

The vulnerabilities of Microprogramming Software, including Intel Converged Security and Manageability Engine CSME, Intel Trusted Execution Engine TXE, and Intel Server Platform Services SPS, are related to insecure resource initialization. Exploiting these vulnerabilities can allow attackers to...

7.1 CVSS · 0.00724 EPSS
Exploits 0 · References 3 · Affected Software 2

BDU FSTEC
added 2020/12/01 12:0 a.m. · 0 views

The vulnerability of the DCH-compatible Thunderbolt driver, related to incorrect resource initialization, allows a hacker to disclose protected information.

The vulnerability of the DCH-compatible Thunderbolt driver is related to incorrect initialization of resources. Exploiting this vulnerability can allow an attacker to disclose protected information...

4.7 CVSS · 0.0006 EPSS
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2020/12/01 12:0 a.m. · 0 views

The vulnerability in the built-in software of the Intel NUC Kit relates to incorrect resource initialization, allowing attackers to exploit their privileges.

The vulnerability of the built-in software in the Intel NUC Kit is related to incorrect initialization of resources. Exploiting this vulnerability can allow an attacker to gain increased privileges...

7.8 CVSS · 0.00058 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2020/10/07 12:0 a.m. · 0 views

The vulnerability of the JunOS operating system, related to incorrect resource initialization, allows a hacker to trigger a service failure.

The vulnerability of the JunOS operating system is related to incorrect initialization of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...

7.8 CVSS · 0.0066 EPSS
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2020/09/29 12:0 a.m. · 0 views

The vulnerability of Intel Server Platform Services’ microprogramming software lies in improper resource initialization, which allows attackers to increase their privileges or cause service failures.

The vulnerability of Intel Server Platform Services’ microprogramming software is related to incorrect resource initialization. Exploiting this vulnerability can allow attackers to enhance their privileges or cause service failures...

8.4 CVSS · 0.00072 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2020/08/26 12:0 a.m. · 0 views

The vulnerability of the Fly-wm window manager, related to improper initialization of resources, allows attackers to cause service failure.

The vulnerability of the Fly-wm window manager is related to incorrect initialization of resources. Exploiting this vulnerability can allow attackers to cause service failures...

3.3 CVSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2020/07/17 11:15 p.m. · 2 views

CVE-2020-9227

Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. An attacker tricks the user into installing then running a crafted application. Due to improper initialization of specific parameters, successful exploit of this...

5.5 CVSS · 5.8 AI score
Exploits 0 · References 1