Design/Logic Flaw

Adobe Premiere Rush versions 1.5.16 and earlier allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose sensitive information on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...

Design/Logic Flaw

Adobe Premiere Rush versions 1.5.16 and earlier allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose arbitrary data on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...

CVE-2021-43746 Adobe Premiere Rush MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability

Adobe Premiere Rush versions 1.5.16 and earlier allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose sensitive information on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...

GHSA-GP4J-W3VJ-7299 Information Exposure in RunC

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...

It is possible to "uninitialize" ERC20Facet contract

Handle Czar102 Vulnerability details Impact The initialization status is defined by the name and symbol. It is possible it set them back to an empty string, uninitializing the contract and letting the initialize.. function be called again. This way, the owner may, for example, hide minting...

The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.

...

SUSE SLES12 Security Update : kernel (Live Patch 41 for SLE 12 SP3) (SUSE-SU-2021:4052-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4052-1 advisory. - In ip6xmit of ip6output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation o...

OpenZeppelin Contracts initializer reentrancy may lead to double initialization

Impact Initializer functions that are invoked separate from contract creation the most prominent example being minimal proxies may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in plac...

GHSA-9C22-PWXW-P6HX OpenZeppelin Contracts initializer reentrancy may lead to double initialization

Impact Initializer functions that are invoked separate from contract creation the most prominent example being minimal proxies may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in plac...

PT-2021-5685 · Adobe · Premiere Rush

Name of the Vulnerable Software and Affected Versions: Adobe Premiere Rush versions 1.5.16 and earlier Description: The issue is related to the parsing of MP4 files and results from the lack of proper initialization of memory prior to accessing it. This allows remote attackers to disclose arbitra...

OESA-2021-1458 edk2 security update

EFI Development Kit II. Security Fixes: BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.CVE-2021-28216...

Multiple initialization of Collateral contract

Handle 0x1f8b Vulnerability details Impact The attacker can initialize the contract, take malicious actions, and allow it to be re-initialized by the project without any error being noticed.. Proof of Concept The initialize method of the Collateral contract does not contain the initializer...

PT-2021-8123 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The vulnerability is related to the ipmi: ssif component in the Linux kernel. It causes a kernel crash when an error path is taken during the probe of ssif info-client. The issue arise...

Qualcomm多款产品 芯片资源管理错误漏洞

Qualcomm APQ8009 and others are products of Qualcomm Incorporated Qualcomm, U.S.A. The Qualcomm APQ8009 is a central processing unit CPU product.The Qualcomm APQ8096AU is a central processing unit.The Qualcomm APQ8009W is a central processing unit. A resource management error vulnerability exists...

Qualcomm 芯片安全漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuitry including primarily semiconductor devices, but also passive components, etc., and from time to time manufactured on the surface of semiconductor wafers. A security vulnerability exists in multiple Qualcomm...

Qualcomm 芯片输入验证错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. a way to miniaturize circuitry including primarily semiconductor devices, but also passive components, etc. and is manufactured from time to time on the surface of semiconductor wafers. An input validation error vulnerability exists in...

SUSE-SU-2021:14848-1 Security update for xen

This update for xen fixes the following issues: - CVE-2021-0089: Fixed Speculative Code Store Bypass XSA-375 bsc1186433. - CVE-2021-20255: Fixed stack overflow via infinite recursion in eepro100 bsc1182654. - CVE-2021-28690: Fixed x86 TSX Async Abort protections not restored after S3 XSA-377...

CVE-2021-0120

Improper initialization in the installer for some IntelR Graphics DCH Drivers for Windows 10 before version 27.20.100.9316 may allow an authenticated user to potentially enable denial of service via local access...

CVE-2021-0053

Improper initialization in firmware for some IntelR PROSet/Wireless WiFi and KillerTM WiFi in Windows 10 may allow an authenticated user to potentially enable information disclosure via adjacent access...

Input validation

Improper initialization in firmware for some IntelR PROSet/Wireless WiFi and KillerTM WiFi in Windows 10 may allow an authenticated user to potentially enable information disclosure via adjacent access...