Vulnerabilities > Improper Initialization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-11 | CVE-2017-15897 | Improper Initialization vulnerability in Nodejs Node.Js Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. | 3.1 |
| 2017-12-06 | CVE-2017-13153 | Improper Initialization vulnerability in Google Android 8.0 An elevation of privilege vulnerability in the Android media framework (libaudioservice). | 7.8 |
| 2017-11-02 | CVE-2017-12262 | Improper Initialization vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device. | 8.8 |
| 2017-09-21 | CVE-2017-14681 | Improper Initialization vulnerability in P3Scan Project P3Scan 3.0 The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a "kill `cat /pathname/p3scan.pid`" command, as demonstrated by etc/init.d/p3scan. | 5.5 |
| 2017-09-20 | CVE-2017-14610 | Improper Initialization vulnerability in Bareos bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. | 7.8 |
| 2017-09-20 | CVE-2017-14609 | Improper Initialization vulnerability in Kannel The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by bearerbox. | 7.8 |
| 2017-09-05 | CVE-2017-14159 | Improper Initialization vulnerability in multiple products slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript. | 4.7 |
| 2017-09-01 | CVE-2017-14102 | Improper Initialization vulnerability in Mimedefang 2.80 MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by the init-script.in and mimedefang-init.in scripts. | 7.8 |
| 2017-08-29 | CVE-2017-13715 | Improper Initialization vulnerability in Linux Kernel The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet. | 9.8 |
| 2017-08-23 | CVE-2017-13649 | Improper Initialization vulnerability in Unrealircd UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. | 5.5 |