8941 matches found
Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3.
...
Denial Of Service(DoS)
Fetchmail is vulnerable to denial of service. reportvbuild in report.c sometimes omits initialization of the vsnprintf valist argument, allowing mail servers to cause a denial of service or possibly have unspecified other impact via long error messages...
Adobe After Effects MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Media Encoder MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Prelude MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Prelude. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...
Adobe Photoshop MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
Insecure Default Initialization of Resource
As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be ke...
mod_auth_openidc 安全特征问题漏洞
modauthopenidc is a software application. It is an authentication/authorization module for the Apache 2.x HTTP server that is used as an OpenID Connect dependency to authenticate users against the OpenID Connect provider. A security vulnerability exists in Zmartzone modauthopenidc that stems from...
SUSE: Security Advisory (SUSE-SU-2021:2448-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2021:2448-1 Security update for qemu
This update for qemu fixes the following issues: Security fixes: - CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure tftp bsc1187366 - CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure bootp bsc1187364 -...
SUSE SLES12 Security Update : qemu (SUSE-SU-2021:2428-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2428-1 advisory. - An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootpinput function...
SUSE-SU-2021:2442-1 Security update for qemu
This update for qemu fixes the following issues: - CVE-2021-3582: Fix possible mremap overflow in the pvrdma bsc1187499 - CVE-2021-3607: Ensure correct input on ring init bsc1187539 - CVE-2021-3608: Fix the ring init error flow bsc1187538 - CVE-2021-3611: Fix intel-hda segmentation fault due to...
PT-2024-11293 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A slab-out-of-bounds issue has been resolved in the Linux kernel. The issue was observed while running self-tests on a KASAN enabled kernel, where a slab-out-of-bounds splat was...
Ubuntu 20.04 LTS : libslirp vulnerabilities (USN-5009-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5009-1 advisory. Qiuhao Li discovered that libslirp incorrectly handled certain header data lengths. An attacker inside a guest could possibly use this issue to leak...
CVE-2021-0280
Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on PTX platforms and QFX10K Series with Paradise PE chipset-based line cards, ddos-protection configuration changes made from the CLI will not take effect as expected beyond the default DDoS Distributed Denial of Service...
CVE-2021-0280
CVE-2021-0280 affects Juniper Junos OS on PTX and QFX10K with Paradise (PE) chipset line cards. Root cause: Improper initialization in the DDoS policer path of the Packet Forwarding Engine, causing ddos-protection CLI changes to not apply beyond default DDoS settings. Impact: BFD session flapping...
Adobe Bridge MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...
Default configuration
Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access...
CVE-2021-0144
Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access...
The vulnerability of the WriteJP2Image function in the ImageMagick program, which is used for reading and editing graphic files, relates to memory initialization errors. This vulnerability allows attackers to gain access to confidential information or cause service interruptions.
The vulnerability of the WriteJP2Image function in the ImageMagick program, which is used for reading and editing graphic files, is related to incorrect initialization. Exploiting this vulnerability allows an attacker to gain access to confidential information or cause service failures...