CVE-2021-34855

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...

DOS By Front Running DelegatedStaking initialize

Handle elprofesor Vulnerability details Impact DelegatedStaking utilizes the ERC1967 upgradeable proxy standard. This relies on an implementation contract being deployed and then reused or consumed by a proxy contract. As proxy contracts are unable to leverage a constructor they typically use an...

Updated libslirp packages fix security vulnerability

Invalid pointer initialization issues were found in the SLiRP networking implementation of QEMU. In the bootpinput function while processing a udp packet that is smaller than the size of the 'bootpt' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory fr...

GSD-2021-1001708 KVM: x86: Handle SRCU initialization failure during page track init

KVM: x86: Handle SRCU initialization failure during page track init This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.10 by commit...

GSD-2021-1001635 KVM: x86: Handle SRCU initialization failure during page track init

KVM: x86: Handle SRCU initialization failure during page track init This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.71 by commit...

UVI-2021-1001635 KVM: x86: Handle SRCU initialization failure during page track init

KVM: x86: Handle SRCU initialization failure during page track init This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.71 by commit...

Exploit for Improper Initialization in Docker

sectoolset -- Github安全相关工具集合 主要内容： 0x00 漏洞利用实战练习&CTF安全竞赛 0x01 安全扫描器 0x02 安全防守 0x03 渗透测试 0x04 漏洞库及利用工具（POC，EXP 0x05 二进制及代码分析工具 0x06 威胁情报&蜜罐 0x07 安全文档资料 0x11 所有内容 乌云镜像 乌云镜像 乌云镜像,河蟹 近期安全热点 Microsoft 365 Defender研究团队和威胁情报中心（MSTIC）的SolarWinds攻击分析文章 OpenSSL 拒绝式攻击严重漏洞CVE-2020-1971 安全论文：《Measuring and...

Foxit PDF Reader Annotation Use of Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Vulnerability of operating systems macOS, watchOS, iOS, and iPadOS, related to initialization errors, allowing attackers to disclose sensitive information

The vulnerabilities of operating systems macOS, watchOS, iOS, and iPadOS are related to initialization errors. Exploiting these vulnerabilities can allow attackers to disclose sensitive information that is protected by security measures...

The vulnerability of the hci_dev_do_open() function in the Linux kernel’s device initialization subsystem, related to the repeated memory release, allows a attacker to trigger a service failure.

The vulnerability of the hcidevdoopen function in the Linux kernel’s device initialization subsystem is related to the repeated release of memory. Exploiting this vulnerability allows an attacker to cause a service failure using the malicious HCI TTY Bluetooth device...

The vulnerability of the XSA-365 component in the Linux operating system, related to incorrect data initialization, allows a hacker to trigger a service failure.

The vulnerability of the XSA-365 component in the Linux operating system is related to incorrect data initialization. Exploiting this vulnerability can allow an attacker to cause a service failure...

Initialize can be called multiple times!!!!

Handle pants Vulnerability details Initialize can be called multiple times. Initialize function must be called only by the contract owner and only once for safety. line 74 --- The text was updated successfully, but these errors were encountered: All reactions...

ALPINE-CVE-2021-41617

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with...

OpenSSH -- OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand

OpenBSD Project reports: sshd8 from OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive has been set to run the command as ...

OpenSSH 安全漏洞

OpenSSH OpenBSD Secure Shell is a set of connection tools for secure access to remote computers from the Openbsd Project Group. The tools are an open source implementation of the SSH protocol that supports encryption of all transmissions, effectively blocking eavesdropping, connection hijacking,...

Samba 3.0.0 <= 3.0.1 Vulnerability (CVE-2004-0082)

mksmbpasswd shell script may create accounts with easily guessable passwords. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program i...

Siemens Solid Edge Viewer OBJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2021-34703

A vulnerability in the Link Layer Discovery Protocol LLDP message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting in a denial of service DoS condition. This vulnerability is due to improper initialization of a...

USN-5073-3: Linux kernel (Raspberry Pi) vulnerabilities

Norbert Slusarek discovered that the CAN broadcast manger bcm protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information kernel memory. CVE-2021-34693 Murray McAllister discovered that the...

The vulnerability of the libxl__domain_suspend_state structure in Xen hypervisors lies in the lack of resource initialization, which allows attackers to trigger a service failure.

The vulnerability of the libxldomainsuspendstate structure in Xen hypervisors stems from the fact that this structure does not utilize the standard initialization and deallocation mechanism. Exploiting this vulnerability could allow an attacker to cause a service failure...