KLA12155 Multiple vulnerabilities in Apple iCloud

Multiple vulnerabilities were found in Apple iCloud. Malicious users can exploit these vulnerabilities to obtain sensitive information, perform cross-site scripting attack. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in CoreText can be exploited to obta...

CVE-2021-0234

Due to an improper Initialization vulnerability on Juniper Networks Junos OS QFX5100-96S devices with QFX 5e Series image installed, ddos-protection configuration changes will not take effect beyond the default DDoS Distributed Denial of Service settings when configured from the CLI. The DDoS...

Input validation

Due to an improper Initialization vulnerability on Juniper Networks Junos OS QFX5100-96S devices with QFX 5e Series image installed, ddos-protection configuration changes will not take effect beyond the default DDoS Distributed Denial of Service settings when configured from the CLI. The DDoS...

CVE-2021-0234

CVE-2021-0234 affects Juniper Networks Junos OS on QFX5100-96S with QFX 5e Series image. The issue is an improper initialization that prevents ddos-protection changes from taking effect beyond default DDoS settings configured via CLI. The ddos-protection (jddosd) daemon keeps the device functioni...

CVE-2021-0234 Junos OS: QFX5100-96S: DDoS protection does not work as expected.

Due to an improper Initialization vulnerability on Juniper Networks Junos OS QFX5100-96S devices with QFX 5e Series image installed, ddos-protection configuration changes will not take effect beyond the default DDoS Distributed Denial of Service settings when configured from the CLI. The DDoS...

KLA12156 Multiple vulnerabilities in Apple iTunes

Multiple vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to perform cross-site scripting attack, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A cross-site-scripting XSS vulnerability in WebKit can be exploited to perfo...

Parallels Desktop Toolgate Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within t...

Corel Parallels Desktop 缓冲区错误漏洞

Parallels Desktop is a virtual machine software that runs on Mac computers. A security vulnerability exists in the Toolgate component in Parallels Desktop version 15.1.5-47309. The vulnerability stems from failure to properly initialize memory before accessing it. A local attacker could exploit t...

Corel Parallels Desktop 缓冲区错误漏洞

Parallels Desktop is a virtual machine software that runs on Mac computers. A security vulnerability exists in the Toolgate component in Parallels Desktop version 15.1.4-47270. The vulnerability stems from failure to properly initialize memory before accessing it. A local attacker could exploit t...

Eclipse OpenJ9 安全漏洞

Eclipse OpenJ9 is a Java application engine from the Eclipse Foundation. The product is primarily used to run Java applications. A security vulnerability exists in Eclipse Openj9 version 0.25, which stems from the fact that the jdk.internal.reflect.ConstantPool API causes the JVM to pre-parse...

Parallels Desktop Toolgate Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within t...

Fields stuck after initialization

Handle adelamo Vulnerability details Impact If I am right, the impact could be middle or high. Proof of Concept Here you have a gist: Tools Used Vscode Recommended Mitigation Steps In order to fix the issue, we need to fetch the data from the loan wherever we need it in DebtLocker --- The text wa...

Citrix WEM Agent Host Service Initialization failed - event id 0

Wem Agent fails to start - in the event log we see the error: Event id 0 - Agent host Service Initialization Failed...

SUSE: Security Advisory (SUSE-SU-2019:0060-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for tpm2-tss (EulerOS-SA-2021-1752)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Azure Sphere mqueue inode initialization kernel code execution vulnerability

Summary A code execution vulnerability exists in the mqueue inode initialization functionality of Microsoft Azure Sphere 21.01. A specially crafted set of syscalls can lead to uninitialized kernel read, which in turn leads to code execution in kernel. To trigger this vulnerability, an attacker ca...

CVE-2013-1054

The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus...

UBUNTU-CVE-2013-1054

The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus...

CVE-2013-1054 Possible remote DOS in WebApps

The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus...

Information disclosure

Trustzone initialization code will disable xPUs when memory dumps are enabled and lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired...