Vulnerabilities > Improper Initialization

DATE CVE VULNERABILITY TITLE RISK
2017-12-06 CVE-2017-13153 Improper Initialization vulnerability in Google Android 8.0
An elevation of privilege vulnerability in the Android media framework (libaudioservice).
local
low complexity
google CWE-665
7.8
2017-11-02 CVE-2017-12262 Improper Initialization vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module
A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device.
low complexity
cisco CWE-665
8.8
2017-09-21 CVE-2017-14681 Improper Initialization vulnerability in P3Scan Project P3Scan 3.0
The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a "kill `cat /pathname/p3scan.pid`" command, as demonstrated by etc/init.d/p3scan.
local
low complexity
p3scan-project CWE-665
5.5
2017-09-20 CVE-2017-14610 Improper Initialization vulnerability in Bareos
bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.
local
low complexity
bareos CWE-665
7.8
2017-09-20 CVE-2017-14609 Improper Initialization vulnerability in Kannel
The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by bearerbox.
local
low complexity
kannel CWE-665
7.8
2017-09-05 CVE-2017-14159 Improper Initialization vulnerability in multiple products
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript.
local
high complexity
openldap oracle CWE-665
4.7
2017-09-01 CVE-2017-14102 Improper Initialization vulnerability in Mimedefang 2.80
MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by the init-script.in and mimedefang-init.in scripts.
local
low complexity
mimedefang CWE-665
7.8
2017-08-29 CVE-2017-13715 Improper Initialization vulnerability in Linux Kernel
The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet.
network
low complexity
linux CWE-665
critical
9.8
2017-08-23 CVE-2017-13649 Improper Initialization vulnerability in Unrealircd
UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.
local
low complexity
unrealircd CWE-665
5.5
2017-08-23 CVE-2017-12847 Improper Initialization vulnerability in Nagios
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.
local
high complexity
nagios CWE-665
6.3