Design/Logic Flaw

ulfiusurilogger in Ulfius HTTP Framework before 2.7.4 omits coninfo initialization and a coninfo-request NULL check for certain malformed HTTP requests...

CVE-2021-40540

ulfiusurilogger in Ulfius HTTP Framework before 2.7.4 omits coninfo initialization and a coninfo-request NULL check for certain malformed HTTP requests...

UBUNTU-CVE-2021-40540

ulfiusurilogger in Ulfius HTTP Framework before 2.7.4 omits coninfo initialization and a coninfo-request NULL check for certain malformed HTTP requests...

CVE-2021-40540

ulfiusurilogger in Ulfius HTTP Framework before 2.7.4 omits coninfo initialization and a coninfo-request NULL check for certain malformed HTTP requests...

Github ulfius输入验证错误漏洞

Github ulfius is the HTTP framework for REST applications in C. An input validation error vulnerability exists in ulfius, which stems from the coninfo initialization of ulfiusurilogger and coninfo-request in the product failing to adequately check HTTP requests. The following products and version...

GitHub Security Lab: Java: Static initialization vector

This bug was reported directly to GitHub Security Lab...

mod_auth_openidc 输入输入验证错误漏洞

modauthopenidc is a software application. It is an authentication/authorization module for the Apache 2.x HTTP server, used as an OpenID Connect dependency to authenticate users according to the OpenID Connect provider. modauthopenidc is an authentication/authorization module for the Apache 2.x...

PT-2021-7629

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw was found in the filelock init function in fs/locks.c of the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating...

in leantime/leantime

✍️ Description In the source code of the application, the Secret Hash value and the initialization vector is being hardcoded. 🕵️‍♂️ Proof of Concept In the following code snippet, we can see the hard-coded secret hash and IV. private $encryptionMethod = 'AES-256-CBC'; private $secrethash =...

CyberArk Credential File Insufficient Effective Key Space

Vulnerability Details Affected Vendor: CyberArk Affected Product: Application Access Manager/Credential Provider Affected Version: Prior to 12.1 Platform: Linux/Windows/zOS CWE Classification: CWE-326: Inadequate Encryption Strength CVE ID: CVE-2021-31796 2. Vulnerability Description CyberArk...

(0Day) Fuji Electric Tellus Lite V-Simulator V8 File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Use of Uninitialized Resource in ms3d

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

Improper Input Validation in once_cell

If during the first dereference of Lazy the initialization function panics, subsequent dereferences will execute std::hints::unreachableunchecked. Applications with panic = "abort" are not affected, as there will be no subsequent dereferences...

CVE-2021-30962

A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information...

SUSE: Security Advisory (SUSE-SU-2021:2791-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerabilities of the alloca() and strdup() functions in the Systemd initialization and service management subsystem allow a attacker to cause a service failure.

The vulnerability of the alloca and strdup functions in the Systemd initialization and service management subsystem is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a attacker to cause service failures...

USN-5045-1: Linux kernel vulnerabilities

Norbert Slusarek discovered that the CAN broadcast manger bcm protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information kernel memory. CVE-2021-34693 It was discovered that the bluetooth...

Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-5044-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5044-1 advisory. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a...

CVE-2021-37682

TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. For example. The issue stems from the fact that quantization.params is only valid if quantization.type is different that...

CVE-2021-0061

Improper initialization in some IntelR Graphics Driver before version 27.20.100.9030 may allow an authenticated user to potentially enable escalation of privilege via local access...