UBUNTU-CVE-2024-0340

A vulnerability was found in vhostnewmsg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This issue can allow local privileged users to read...

Design/Logic Flaw

A vulnerability was found in vhostnewmsg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This issue can allow local privileged users to read...

CVE-2024-0340

A vulnerability was found in vhostnewmsg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This issue can allow local privileged users to read...

CVE-2024-0340 Kernel: information disclosure in vhost/vhost.c:vhost_new_msg()

A vulnerability was found in vhostnewmsg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This issue can allow local privileged users to read...

CVE-2024-0340

CVE-2024-0340 is confirmed in the Linux kernel, affecting the vhost_new_msg path in drivers/vhost/vhost.c. The issue arises from memory not being properly initialized when building messages exchanged between virtual guests and the host via /dev/vhost-net, enabling local privileged users to read k...

DEBIAN-CVE-2023-35994

Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability...

Attacker can call initializeTokenomics in the tokenomics implementation contract and self destruct afterwards

Lines of code Vulnerability details Impact Malicious actor can front run any attempts to initialize the implementation contract of tokenomics and self destruct the contract. This makes us to re-deploy proxy as the upgradable logic is within the proxy as well. Proof of Concept 1. Implementation is...

Apache Superset Insecure Default Initialization of Resource Vulnerability

Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations that have not altered the default configured SECRETKEY according to installation instructions...

Mozilla: Use-after-free in <code>nsDNSService</code>

The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free was identified in the nsDNSService::Init. This issue appears to manifest rarely during start-up...

Mozilla: Use-after-free in <code>nsDNSService</code>

The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free was identified in the nsDNSService::Init. This issue appears to manifest rarely during start-up...

Mozilla: Use-after-free in <code>nsDNSService</code>

The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free was identified in the nsDNSService::Init. This issue appears to manifest rarely during start-up...

Mozilla: Use-after-free in <code>nsDNSService</code>

The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free was identified in the nsDNSService::Init. This issue appears to manifest rarely during start-up...

Mozilla: Use-after-free in <code>nsDNSService</code>

The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free was identified in the nsDNSService::Init. This issue appears to manifest rarely during start-up...

Mozilla: Use-after-free in <code>nsDNSService</code>

The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free was identified in the nsDNSService::Init. This issue appears to manifest rarely during start-up...

Input validation

Improper initialization of x87 and SSE floating-point configuration registers in the sconeentry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel...

CVE-2022-46487

Improper initialization of x87 and SSE floating-point configuration registers in the sconeentry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel...

Weak Cryptography

blinksocks is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the usage of weak encryption algorithms and fixed initialization vectors IV within /presets/ssr-auth-chain.js. This issue can be exploited by an attacker to disclose sensitive encrypted information via brute...

SNMP system uptime is refreshed to 0 after 497 days.

Symptom: SNMP oid ofsysUpTime OID: 1.3.6.1.2.1.1.3 is refreshed after 497 days. The time in hundredths of a second since thenetwork management portion of the system was last re-initialized...

PT-2023-32841 · Kylinsoft · Hedron-Domain-Hook

Name of the Vulnerable Software and Affected Versions: KylinSoft hedron-domain-hook versions up to 3.8.0.12-0k0.5 Description: A critical issue affects the init kcm function of the DBus Handler component, leading to improper access controls. The manipulation requires local attacking. The exploit...

PT-2023-31489 · Trimble · Trimble Sketchup Viewer

Name of the Vulnerable Software and Affected Versions: Trimble SketchUp Viewer affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this issue, where...