Intel Graphics Drivers 安全漏洞

Intel Graphics Drivers is an integrated graphics driver from Intel Corporation USA. A security vulnerability exists in Intel Graphics Driver for Windows, which is due to an initialization error. A local user can run a specially designed application to execute arbitrary code on the system using...

Potential for market to be created but never initialized

Handle loop Vulnerability details Impact Multiple markets can be created before being initialized since createNewSyntheticMarket and initializeMarket are separate functions. The SyntheticTokens used in initialization will however always be those of the latest market created. Proof of Concept Let'...

Synths minted to the wrong market when initializing

Handle 0xImpostor Vulnerability details Impact Synthetix tokens are not minted to the correct market index since the creation of the synth market and the initialization are 2 separate steps. Proof of Concept 1. Create 2 synth market without initializing them 2. Call initializeMarket twice 3. Synt...

latestMarket used where marketIndex should have been used

Handle gpersoon Vulnerability details Impact The functions initializeMarket and seedMarketInitially use the variable latestMarket. If these functions would be called seperately from createNewSyntheticMarket, then latestMarket would have the same value for each call of initializeMarket and...

DEBIAN-CVE-2021-28216

BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE...

UBUNTU-CVE-2021-28216

BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE...

The vulnerability of the fetchmail reception and forwarding utility, related to incorrect resource initialization, allows a hacker to gain access to confidential information.

The vulnerability of the fetchmail reception and forwarding utility is related to incorrect initialization of the resource. Exploiting this vulnerability can allow an attacker to access confidential information...

Tianocore Edk2 安全漏洞

Tianocore Edk2 is a cross-platform firmware development environment from the Tianocore community that follows the UEFI and PI specifications. A security vulnerability exists in Tianocore Edk2 that allows an attacker to access sensitive data...

Parallels Desktop Toolgate Uninitialized Memory Information Leakage Vulnerability

A security vulnerability exists within Parallels Desktop Toolgate Uninitialized, which stems from the product's failure to properly initialize the memory of the Toolgate component. A local attacker could gain access to sensitive information through this vulnerability...

The vulnerability of the Packet Forwarding Engine (PFE) module in Juniper Networks’ Junos OS-based routers of the PTX and QFX10K series allows a hacker to induce a service failure.

The vulnerability of the Packet Forwarding Engine PFE module in Juniper Networks’ Junos OS-based routers of the PTX and QFX10K series is related to initialization errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

GHSA-6CJ2-92M5-7MVP Improperly Controlled Modification of Object Prototype Attributes

Impact The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. Patches [email protected] patched it, anyone used think-config should...

CVE-2021-31503

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 package 16.6.3.134. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...

GSD-2021-1001270 NFSv4: Initialise connection to the server in nfs4_alloc_client()

NFSv4: Initialise connection to the server in nfs4allocclient This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.52 by commit...

UVI-2021-1001197 NFSv4: Initialise connection to the server in nfs4_alloc_client()

NFSv4: Initialise connection to the server in nfs4allocclient This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.13.4 by commit...

GSD-2021-1001181 cpufreq: CPPC: Fix potential memleak in cppc_cpufreq_cpu_init

cpufreq: CPPC: Fix potential memleak in cppccpufreqcpuinit This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.13.4 by commit...

(Pwn2Own) Parallels Desktop Toolgate Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within t...

openSUSE 15 Security Update : qemu (openSUSE-SU-2021:2591-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2591-1 advisory. - QEMU 5.0.0 has a heap-based Buffer Overflow in flatviewreadcontinue in exec.c because hw/sd/sdhci.c mishandles a write operation in the...

DEBIAN-CVE-2021-36386

reportvbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf valist argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any...

CVE-2021-36386

reportvbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf valist argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any...

CVE-2021-36386

reportvbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf valist argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any...