GSD-2021-1002787 ipmi: fix initialization when workqueue allocation fails

ipmi: fix initialization when workqueue allocation fails This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.223 by commit...

PT-2021-8083 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the incorrect initialization of dev-work after calling input register device in the appletouch component of the Linux kernel. This may cause a warning in flush...

Vader TWAP averages wrong

Handle cmichel Vulnerability details The vader price in LiquidityBasedTWAP.getVaderPrice is computed using the pastLiquidityWeights and pastTotalLiquidityWeight return values of the syncVaderPrice. The syncVaderPrice function does not initialize all weights and the total liquidity weight does not...

cloud-init bug fix and enhancement update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Bug Fixes and Enhancements: cloud-init.service fails to start after package updat...

Adobe Premiere Rush MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Premiere Rush. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Adobe Premiere Rush MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Premiere Rush. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Design/Logic Flaw

Adobe Premiere Rush versions 1.5.16 and earlier allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose sensitive information on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...

Design/Logic Flaw

Adobe Premiere Rush versions 1.5.16 and earlier allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose arbitrary data on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...

CVE-2021-43746 Adobe Premiere Rush MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability

Adobe Premiere Rush versions 1.5.16 and earlier allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose sensitive information on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...

GHSA-GP4J-W3VJ-7299 Information Exposure in RunC

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...

It is possible to "uninitialize" ERC20Facet contract

Handle Czar102 Vulnerability details Impact The initialization status is defined by the name and symbol. It is possible it set them back to an empty string, uninitializing the contract and letting the initialize.. function be called again. This way, the owner may, for example, hide minting...

The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.

...

SUSE SLES12 Security Update : kernel (Live Patch 41 for SLE 12 SP3) (SUSE-SU-2021:4052-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4052-1 advisory. - In ip6xmit of ip6output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation o...

OpenZeppelin Contracts initializer reentrancy may lead to double initialization

Impact Initializer functions that are invoked separate from contract creation the most prominent example being minimal proxies may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in plac...

GHSA-9C22-PWXW-P6HX OpenZeppelin Contracts initializer reentrancy may lead to double initialization

Impact Initializer functions that are invoked separate from contract creation the most prominent example being minimal proxies may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in plac...

PT-2021-5685 · Adobe · Premiere Rush

Name of the Vulnerable Software and Affected Versions: Adobe Premiere Rush versions 1.5.16 and earlier Description: The issue is related to the parsing of MP4 files and results from the lack of proper initialization of memory prior to accessing it. This allows remote attackers to disclose arbitra...

OESA-2021-1458 edk2 security update

EFI Development Kit II. Security Fixes: BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.CVE-2021-28216...

Multiple initialization of Collateral contract

Handle 0x1f8b Vulnerability details Impact The attacker can initialize the contract, take malicious actions, and allow it to be re-initialized by the project without any error being noticed.. Proof of Concept The initialize method of the Collateral contract does not contain the initializer...

PT-2021-8123 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The vulnerability is related to the ipmi: ssif component in the Linux kernel. It causes a kernel crash when an error path is taken during the probe of ssif info-client. The issue arise...

Qualcomm多款产品 芯片资源管理错误漏洞

Qualcomm APQ8009 and others are products of Qualcomm Incorporated Qualcomm, U.S.A. The Qualcomm APQ8009 is a central processing unit CPU product.The Qualcomm APQ8096AU is a central processing unit.The Qualcomm APQ8009W is a central processing unit. A resource management error vulnerability exists...