
68 matches found

OSV
added 2024/03/18 10:14 a.m. · 6 views

CVE-2024-26638 nbd: always initialize struct msghdr completely

In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely. syzbot complains that msg->msg_get_inq value can be uninitialized [1]. struct msghdr got many new fields recently, we should always make sure their values are zero by default. [1] BUG: KMSAN...

4.4 CVSS · 5.9 AI score · 0.00222 EPSS
Exploits: 0 · References: 7

Prion
added 2024/02/06 9:15 a.m. · 32 views

Input validation

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server...

5 CVSS · 7 AI score · 0.0072 EPSS
Exploits: 0 · References: 6 · Affected Software: 1

RedhatCVE
added 2023/12/04 5:54 p.m. · 45 views

CVE-2023-4503

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server...

6.8 CVSS · 7.4 AI score · 0.0072 EPSS
Exploits: 0 · References: 3

Prion
added 2023/11/14 7:15 p.m. · 14 views

Input validation

Improper initialization for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access...

1.7 CVSS · 6.4 AI score · 0.00216 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Code423n4
added 2023/10/26 12:00 a.m. · 12 views

Uninitialized State Variables

Lines of code Vulnerability details Impact in The resetTmpMarketParameters function is an internal function, which means it can only be called from within the WildcatMarketController contract itself. If a child contract inherits from WildcatMarketController and calls resetTmpMarketParameters befo...

7 AI score
Exploits: 0

Code423n4
added 2023/07/14 12:00 a.m. · 12 views

initialize function can be front run

Lines of code Vulnerability details Impact Initialize function has the potential of front running by a malicious actor. An attacker can front-run the deployer and take over the contract by setting itself as the owner in the Contract. Taking ownership will result in carrying out malicious acts tha...

6.8 AI score
Exploits: 0

Tenable Nessus
added 2023/05/26 12:00 a.m. · 36 views

Oracle Linux 8 : istio (ELSA-2023-12356)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12356 advisory. - CVE-2022-27496 - CVE-2022-27488 - CVE-2022-27493 - CVE-2022-27492 - CVE-2022-27491 - CVE-2022-27487 Tenable has extracted the preceding description...

8.8 CVSS · 7.5 AI score · 0.01187 EPSS
Exploits: 0 · References: 7

Vulnrichment
added 2023/05/22 3:17 p.m. · 15 views

CVE-2023-31101 Apache InLong: Users who joined later can see the data of deleted users

Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or...

6.8 AI score · 0.0111 EPSS
Exploits: 0 · References: 1

CNNVD
added 2023/03/13 12:00 a.m. · 4 views

Docker Desktop command injection vulnerability

Docker Desktop is a container technology-based desktop software for lightweight deployment of applications from the U.S. company Docker. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

7.8 CVSS · 7.8 AI score · 0.00265 EPSS
Exploits: 0 · References: 2

BDU FSTEC
added 2023/02/20 12:00 a.m. · 5 views

The vulnerability in the implementation of the SNP_INIT command during the loading of microprogramming software for AMD processors allows an attacker to influence the integrity of the protected information.

The vulnerability of the SNP_INIT implementation in the loading of microprogramming software for AMD processors is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to influence the integrity of the protected information...

5.8 CVSS · 5.5 AI score · 0.00185 EPSS
Exploits: 0 · References: 3

Prion
added 2023/02/16 8:15 p.m. · 15 views

Input validation

Improper initialization in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

4.3 CVSS · 7.8 AI score · 0.00198 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2022/12/07 4:15 a.m. · 11 views

CVE-2022-43468

External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulate...

7.5 CVSS · 6.8 AI score
Exploits: 0 · References: 3

Positive Technologies
added 2022/09/15 12:00 a.m. · 2 views

PT-2022-16828 · Ezviz · Ezviz Cs-C6N-A0-1C2Wfr-Mul

Name of the Vulnerable Software and Affected Versions: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428 Description: The issue is related to an Improper Initialization vulnerability in the local server component, allowing a local attacker to read the contents of the memory space...

7.6 CVSS · 5.2 AI score · 0.00289 EPSS
Exploits: 0 · References: 4

Prion
added 2022/04/14 4:15 p.m. · 23 views

Input validation

Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface em0 but not destined to the device, may be improperly forwarded to an egress interface, instead of being discarded. Such traffic being sent by a client may...

6.4 CVSS · 6.4 AI score · 0.00601 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Tenable Nessus
added 2021/09/14 12:00 a.m. · 19 views

Juniper Junos OS DoS (JSA11184)

The version of Junos OS installed on the remote host is affected by a denial of service vulnerability as referenced in the JSA11184 advisory. - Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on PTX platforms and QFX10K Series with Paradise PE chipset-based line cards...

7.5 CVSS · 7.4 AI score · 0.00961 EPSS
Exploits: 0 · References: 2

Code423n4
added 2021/04/27 12:00 a.m. · 5 views

Pool functions can be called before initialization in init() of Pools.sol

Handle 0xRajeev Vulnerability details Impact All the external/public functions of Pools.sol can be called by other contracts even before Pools.sol contract is initialized. This can lead to exceptions, state corruption or incorrect accounting in other contracts, which may require redeployment of...

7 AI score
Exploits: 0

OSV
added 2021/04/22 8:15 p.m. · 2 views

CVE-2021-0234

Due to an improper Initialization vulnerability on Juniper Networks Junos OS QFX5100-96S devices with QFX 5e Series image installed, ddos-protection configuration changes will not take effect beyond the default DDoS (Distributed Denial of Service) settings when configured from the CLI. The DDoS...

5.8 CVSS · 6.2 AI score · 0.00946 EPSS
Exploits: 0 · References: 1

BDU FSTEC
added 2021/01/13 12:00 a.m. · 1 views

The vulnerability of the init process of the loginctl subsystem of Systemd, related to security configuration errors, allows a perpetrator to access confidential data.

The vulnerability of the loginctl process in the initialization and service management subsystem of Systemd is related to security configuration errors. Exploiting this vulnerability can allow an attacker to access confidential data...

2.8 CVSS · 5.5 AI score
Exploits: 0 · References: 1

BDU FSTEC
added 2020/12/01 12:00 a.m. · 1 views

The vulnerability of microprogramming software, including Intel Converged Security and Manageability Engine (CSME), Intel Trusted Execution Engine (TXE), and Intel Server Platform Services (SPS), arises from insecure resource initialization, allowing attackers to escalate their privileges.

The vulnerabilities of Microprogramming Software, including Intel Converged Security and Manageability Engine (CSME), Intel Trusted Execution Engine (TXE), and Intel Server Platform Services (SPS), are related to insecure resource initialization. Exploiting these vulnerabilities can allow attackers to...

7.1 CVSS · 6.8 AI score · 0.00518 EPSS
Exploits: 0 · References: 3 · Affected Software: 2

NVD
added 2020/11/12 6:15 p.m. · 19 views

CVE-2020-8744

Improper initialization in subsystem for Intel(R) CSME versions before 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E305.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access...

7.8 CVSS · 7.7 AI score · 0.00357 EPSS
Exploits: 0 · References: 5