
9002 matches found

BDU FSTEC
added 2023/12/06 12:0 a.m. · 2 views

The vulnerability of the Updater service in Parallels Desktop hypervisor allows a hacker to execute arbitrary code and increase their privileges.

The vulnerability of the Updater service in Parallels Desktop operating systems is related to initialization errors. Exploiting this vulnerability allows an attacker to execute arbitrary code and increase their privileges...

CVSS 7.8 · AI score 7.6 · EPSS 0.00152
Exploits 0 · References 5
BDU FSTEC
added 2023/12/06 12:0 a.m. · 1 view

The vulnerability of the Parallels Desktop Hypervisor Service allows an attacker to execute arbitrary code and gain elevated privileges.

The vulnerability of the Parallels Desktop Hypervisor Service is related to initialization errors. Exploiting this vulnerability allows an attacker to execute arbitrary code and increase their privileges...

CVSS 7.8 · AI score 7.6 · EPSS 0.00141
Exploits 0 · References 5
Github Security Blog
added 2023/12/05 11:43 p.m. · 10 views

PyDrive2's unsafe YAML deserialization in LoadSettingsFile allows arbitrary code execution

Summary: Unsafe YAML deserialization will result in arbitrary code execution. A maliciously crafted YAML file can cause arbitrary code execution if PyDrive2 is run in the same directory as it, or if it is loaded in via LoadSettingsFile. Details: The loader being imported from the yaml library is...

CVSS 7.8 · AI score 7.7 · EPSS 0.00107
Exploits 1 · References 7 · Affected Software 1
NVD
added 2023/12/05 5:15 p.m. · 7 views

CVE-2023-45085

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads tha...

CVSS 3.3 · EPSS 0.00031
Exploits 0 · References 1
Prion
added 2023/12/05 5:15 p.m. · 16 views

Code injection

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads tha...

CVSS 1.7 · AI score 7 · EPSS 0.00031
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/12/05 4:15 p.m. · 13 views

CVE-2023-45085 When compute hosts are disabled and reenabled, they immediately transition to "ON", not "INIT"

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads tha...

CVSS 3.2 · AI score 4.3 · EPSS 0.00031
Exploits 0 · References 1
CVE
added 2023/12/05 4:15 p.m. · 23 views

CVE-2023-45085

CVE-2023-45085 affects SoftIron HyperCloud. The vulnerability arises when compute nodes come online without going through the proper initialization, allowing workloads to be scheduled on nodes that may deploy into a failed or erroneous state, impacting availability. Affected versions are HyperClo...

CVSS 3.3 · AI score 3.8 · EPSS 0.00031
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/12/05 12:0 a.m. · 2 views

PT-2023-29364 · Galleon · Galeon

Name of the Vulnerable Software and Affected Versions: Galleon (affected versions not specified). Description: An improper initialization issue was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This could allow an attacker to acces...

CVSS 7.5 · AI score 6.5 · EPSS 0.00191
Exploits 0 · References 12
CISA KEV Catalog
added 2023/12/05 12:0 a.m. · 23 views

Qualcomm Multiple Chipsets Use-After-Free Vulnerability

Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress...

CVSS 8.4 · AI score 7.2 · EPSS 0.00552
In wild · Exploits 0
Positive Technologies
added 2023/12/05 12:0 a.m. · 2 views

PT-2023-29402 · Softiron · Softiron Hypercloud

Name of the Vulnerable Software and Affected Versions: SoftIron HyperCloud versions 2.0.0 through 2.0.2. Description: An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. In this instance, workloads may be...

CVSS 3.3 · AI score 3.9 · EPSS 0.00031
Exploits 0 · References 3
RedHat Linux
added 2023/12/04 6:2 p.m. · 2 views

eap-galleon: custom provisioning creates unsecured http-invoker

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server...

CVSS 7.5 · AI score 5.8 · EPSS 0.00191
Exploits 0 · References 4
RedHat Linux
added 2023/12/04 6:0 p.m. · 1 view

eap-galleon: custom provisioning creates unsecured http-invoker

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server...

CVSS 7.5 · AI score 5.8 · EPSS 0.00191
Exploits 0 · References 4
RedhatCVE
added 2023/12/04 5:54 p.m. · 45 views

CVE-2023-4503

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server...

CVSS 6.8 · AI score 7.4 · EPSS 0.00191
Exploits 0 · References 3
BDU FSTEC
added 2023/12/01 12:0 a.m. · 1 view

The vulnerability of Intel® Optane™ solid-state storage device’s microprogramming software, related to improper resource initialization, allows a hacker to trigger a service failure.

The vulnerability of Microprogrammed Software for Intel® Optane™ solid-state drives is related to improper initialization of resources. Exploiting this vulnerability can allow attackers to cause service failures...

CVSS 6.5 · AI score 5.9 · EPSS 0.00055
Exploits 0 · References 3
BDU FSTEC
added 2023/12/01 12:0 a.m. · 2 views

The vulnerability of the application interface for WebDAV web applications used for syncing data with ownCloud allows a perpetrator to bypass authentication procedures and gain access to read, modify, or delete data.

The vulnerability of the WebDAV application interface for data synchronization with ownCloud is related to initialization errors caused by the lack of configuration of signature keys for pre-signed URL addresses. Exploiting this vulnerability allows an attacker to bypass authentication procedures...

CVSS 10 · AI score 8 · EPSS 0.89605
Exploits 0 · References 5 · Affected Software 1
Ubuntu
added 2023/11/21 3:17 p.m. · 78 views

USN-6497-1: Linux kernel (OEM) vulnerabilities

Maxim Levitsky discovered that the KVM nested virtualization (SVM) implementation for AMD processors in the Linux kernel did not properly handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a denial of service (host kernel crash). (CVE-2023-5090) Alon Zahavi discovered that the...

CVSS 8.8 · AI score 7.4 · EPSS 0.08105
Exploits 2
Veracode
added 2023/11/20 7:22 a.m. · 18 views

Insecure AES Initialization Vector

PyPinkSign is vulnerable to an insecure initialization vector. The vulnerability is due to the use of a static initialization vector for AES encryption. This could lead to information disclosure...

CVSS 7.5 · AI score 7 · EPSS 0.00194
Exploits 0 · References 4 · Affected Software 1
SUSE CVE
added 2023/11/17 2:2 a.m. · 1 view

SUSE CVE-2023-5676

In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing...

CVSS 6.5 · AI score 8 · EPSS 0.00043
Exploits 0 · References 9
OSV
added 2023/11/16 6:30 p.m. · 2 views

GHSA-FXFF-WXXV-C2JC PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption

PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications...

CVSS 8.7 · AI score 7.1 · EPSS 0.00194
Exploits 0 · References 8
ATTACKERKB
added 2023/11/16 6:15 p.m. · 0 views

CVE-2023-48056

PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications...

CVSS 7.5 · AI score 5.8 · EPSS 0.00194
Exploits 0 · References 4