8947 matches found

Positive Technologies
added 2021/11/16 12:0 a.m. · 2 views

PT-2021-17004 · AMD · 1st Gen AMD EPYC™ +49

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns a potential "two time pad attack" due to the persistent platform private key not being protected with a random IV. This could lead to security risks, but specific...

CVSS 7.5 · AI score 7.5 · EPSS 0.00399
Exploits 0 · References 2

BDU FSTEC
added 2021/11/15 12:0 a.m. · 1 view

The vulnerability of the Link Layer Discovery Protocol (LLDP) implementation in Cisco IOS and Cisco IOS XE operating systems allows an attacker to cause a service failure.

The vulnerability of the Link Layer Discovery Protocol LLDP implementation in Cisco IOS and Cisco IOS XE operating systems is related to initialization errors. Exploiting this vulnerability allows a malicious actor to cause service failures through the command line interface or by sending special...

CVSS 6.8 · EPSS 0.00243
Exploits 0 · References 3 · Affected Software 2

BDU FSTEC
added 2021/11/15 12:0 a.m. · 1 view

The vulnerability of the Protection Against Distributed Denial of Service attacks function in Cisco IOS XE allows an attacker to cause a service failure.

The vulnerability of the Protection Against Distributed Denial of Service attacks in Cisco IOS XE operating systems is related to initialization errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

CVSS 5.8 · EPSS 0.00468
Exploits 0 · References 3 · Affected Software 1

OSV
added 2021/11/14 3:24 p.m. · 31 views

UVI-2021-1002204 ice: check whether PTP is initialized in ice_ptp_release()

ice: check whether PTP is initialized in ice_ptp_release(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15 by commit...

AI score 7.2
Exploits 0

OSV
added 2021/11/14 3:24 p.m. · 13 views

GSD-2021-1002204 ice: check whether PTP is initialized in ice_ptp_release()

ice: check whether PTP is initialized in ice_ptp_release(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15 by commit...

AI score 7.2
Exploits 0

OSV
added 2021/11/14 3:21 p.m. · 6 views

UVI-2021-1002135 ice: check whether PTP is initialized in ice_ptp_release()

ice: check whether PTP is initialized in ice_ptp_release(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.16 by commit...

AI score 7.2
Exploits 0

Prion
added 2021/11/12 6:15 p.m. · 29 views

Design/Logic Flaw

OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using UUPSUpgradeable may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of @openzeppelin/contracts and...

CVSS 7.5 · AI score 9.3 · EPSS 0.00641
Exploits 0 · References 3 · Affected Software 1

CVE
added 2021/11/12 6:16 a.m. · 59 views

CVE-2021-30266

CVE-2021-30266 describes a use-after-free due to improper memory validation when initializing a new interface via the Interface add command in Qualcomm Snapdragon devices (multiple product families). Affected component is memory handling during interface initialization; impact is rated high for c...

CVSS 6.7 · AI score 6.8 · EPSS 0.00048
Exploits 0 · References 1 · Affected Software 1

OpenVAS
added 2021/11/11 12:0 a.m. · 21 views

Mozilla Firefox Security Advisory (MFSA2015-45) - Linux

This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...

CVSS 6.8 · AI score 9.6 · EPSS 0.01133
Exploits 0 · References 3

OpenVAS
added 2021/11/11 12:0 a.m. · 17 views

Mozilla Firefox Security Advisory (MFSA2013-96) - Linux

This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...

CVSS 4.3 · AI score 5.8 · EPSS 0.02577
Exploits 0 · References 3

RedHat Linux
added 2021/11/09 6:27 p.m. · 2 views

QEMU: slirp: invalid pointer initialization may lead to information disclosure (bootp)

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a UDP packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 byte...

CVSS 3.8 · AI score 7.1 · EPSS 0.00027
Exploits 0 · References 4

RedHat Linux
added 2021/11/09 6:6 p.m. · 3 views

kernel: double free in bluetooth subsystem when the HCI device initialization fails

A double-free memory corruption flaw was found in the Linux kernel HCI device initialization subsystem, in the way a user attaches a malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system...

CVSS 5.5 · AI score 6.7 · EPSS 0.00025
Exploits 1 · References 5

RedHat Linux
added 2021/11/09 5:26 p.m. · 6 views

kernel: double free in bluetooth subsystem when the HCI device initialization fails

A double-free memory corruption flaw was found in the Linux kernel HCI device initialization subsystem, in the way a user attaches a malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system...

CVSS 5.5 · AI score 6.7 · EPSS 0.00025
Exploits 1 · References 5

ICS
added 2021/11/04 1:30 p.m. · 23 views

Hitachi Energy Relion 670/650/SAM600-IO

1. EXECUTIVE SUMMARY: CVSS v3 8.1; Vendor: Hitachi Energy; Equipment: Relion 670/650/SAM600-IO; Vulnerability: Insecure Default Initialization of Resource. 2. RISK EVALUATION: Successful exploitation of this vulnerability could hijack existing TCP sessions to inject packets of their choosing or cause...

CVSS 8.1 · AI score 8.4 · EPSS 0.00129
Exploits 0 · References 9

BDU FSTEC
added 2021/11/02 12:0 a.m. · 2 views

The vulnerability of the QEMU hardware emulation API, related to writing beyond the buffer boundaries, allows a hacker to trigger a service failure.

The vulnerability of the QEMU hardware emulation API is related to an initialization error in the memory region cache. Exploiting this vulnerability can allow an attacker to cause a system failure...

CVSS 4 · EPSS 0.00036
Exploits 0 · References 8 · Affected Software 5

Zero Day Initiative
added 2021/10/28 12:0 a.m. · 17 views

Fuji Electric Tellus Lite V-Simulator V8 File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 · AI score 5.6 · EPSS 0.00372
Exploits 0 · References 1

Tenable Nessus
added 2021/10/27 12:0 a.m. · 70 views

NewStart CGSL MAIN 6.02 : grub2 Multiple Vulnerabilities (NS-SA-2021-0133)

The remote NewStart CGSL host, running version MAIN 6.02, has grub2 packages installed that are affected by multiple vulnerabilities: - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an...

CVSS 8.2 · AI score 7.8 · EPSS 0.01451
Exploits 0 · References 15

OSV
added 2021/10/25 5:15 p.m. · 2 views

CVE-2021-34855

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...

CVSS 6.5 · AI score 6.2 · EPSS 0.0009
Exploits 0 · References 2

NVD
added 2021/10/25 5:15 p.m. · 16 views

CVE-2021-34855

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...

CVSS 6.5 · EPSS 0.0009
Exploits 0 · References 2

Prion
added 2021/10/25 5:15 p.m. · 13 views

Design/Logic Flaw

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...

CVSS 2.1 · AI score 6.3 · EPSS 0.0009
Exploits 0 · References 2 · Affected Software 1